IBM Predicts Rise In OS X Exploits, Touts Sandboxing

In some ways, the newest edition of IBM's X-Force Trend and Risk Report reasserts what other security researchers and malware-weary end users already know: browser vulnerabilities continue to pose problems, OS X attacks are on the rise, and mobile devices and BYOD have complicated IT managers' jobs.

Despite the familiar themes, however, the report offers potentially useful insights into the nature of these threats by eschewing a statistically driven methodology in favor of a more qualitative approach. IBM hopes the findings will give enterprises a more well-rounded perspective on the dangers they face, as well as a lead in protecting their assets.

The report is drawn from a variety of intelligence sources, including IBM's database of more than 68,000 vulnerabilities, and real-time monitoring--performed on behalf of 4,000 clients in 130 countries--of 15 billion daily Web events. Robert Freeman, manager of X-Force Research, explained in a phone interview that the report, rather than detailing specific breaches or compiling raw statistics, addresses "what is going on in the aggregate," with an emphasis on trends and what they mean in practical terms. "We're looking … to give the professional or executive an overview of what's going on… to help [them] make decisions about purchases," he stated.

[ For expert security best practices, see 5 Black Hat Security Lessons For CIOs. ]

One of the X-Force study's major findings involves OS X users--and the results aren't pretty. A statement IBM emailed to InformationWeek summarizes that Mac threats have not only increased in volume but also in sophistication, "rivaling those usually seen on Windows platforms." Freeman said that Windows exploits are still more numerous, but he emphasized that the report "is not about infection rates" so much as using "technical attributes of the malware" to extrapolate how attacks might evolve. He said there was "pretty strong parity last year" between Windows and OS X but cited malware releases such as Crisis and Flashback as evidence that "an increasing worldwide user base, as well as attention from the security research community" has made Apple's computers "a desirable target."

He said an avalanche of new threats could result and cautioned that due to the availability of rootkits and other malware tools, the forthcoming attacks are not to be taken lightly. Future dangers are not going to be "some sort of joke application," he declared, pointing out that malware authors are now quickly porting Windows-targeted scams, such as fake antivirus software, to OS X. "We want to persuade people not to be complacent," he said.

Freeman believes the outlook is rosier for OS X's mobile sibling, iOS. An end-to-end exploit, he said, is "incredibly expensive on the black market," leading to relatively fewer security breaches. Still, the report states that mobile devices and BYOD are a major problem. Freeman explained that fragmentation is a significant culprit, as the numerous versions of Android have meant that "some devices that aren't terribly old will never receive a firmware update from the vendor."

Indeed, around half the devices using Google's OS are unpatched against attacks. Nonetheless, Freeman emphasized, in a nod to the report's qualitative nature, that the number of vulnerabilities do not necessarily tell the whole story. "What is the [volume of threats] leading to?" he asked, adding that, in the case of Android, the ostensibly overwhelming number of vulnerabilities can be reduced to a single primary concern: text message scams. "More likely than not, if you're hit, it's an SMS scam sending messages to premium numbers without your awareness," he stated.

The report also identified promising methods for thwarting attacks. Sandboxing, which separates individual applications from the rest of the system, is a particular standout. The technique, Freeman said, has substantially reduced the vulnerability count related to Adobe Acrobat and represents "the early stages of a significant paradigm shift" that is being embraced by an increasing number of software vendors.

Alongside the X-Force findings, IBM also announced the opening of a new security operations center in Wroclaw, Poland. The new facility joins nine other such centers that IBM operates around the world. According to an emailed statement, the center is strategically placed to assist clients in Europe and North America. It adds to new growth markets IBM has pursued in the region, including a Global Deliver Center that opened in Wroclaw in 2010.

InformationWeek is conducting a survey on mobile device management and security. Take our 2013 InformationWeek Mobile Device Management and Security Survey now. Survey ends Sept. 14.