Our Blog

Berlin Web Studio blog keeps you up-to-date with web design and development, industry news, security issues, open source software, online marketing, SEO and much more. We cover basic tutorials to the latest in programming ideas. Beginners and experienced users will find something of interest here.

Posted by Editor
on Friday, 21 September 2012
in Security Issues

IBM Reveals Security Threats of 2012

At Berlin Web Studio we know that keeping your website secure is one of our clients' major concerns. When we maintain sites, we ensure that they are protected, but keeping one step ahead of the hackers means that we have to stay on our toes. One way we do this is to keep abreast of security warnings and developments from world leaders in internet security such as IBM.

IBM today released the results of its X-Force 2012 Mid-Year Trend and Risk Report, which shows a sharp increase in browser-related exploits, renewed concerns around social media password security, and continued challenges in mobile devices and corporate "bring your own device" (BYOD) programs.

Data for the bi-annual X-Force report comes from IBM's security operations centres which monitor more than 15 billion security events a day on behalf of approximately 4,000 clients in more than 130 countries.

"Companies are faced with a constantly evolving threat landscape, with emerging technologies making it increasingly difficult to manage and secure confidential data," said Kris Lovejoy, General Manager, IBM Security Services. "A security breach--whether from an outside attacker or an insider--can impact brand reputation, shareholder value, and expose confidential information."

New Attack Surfaces with Equal Opportunity Exploits

Since the last X-Force Trend and Risk Report, IBM's X-Force has seen an increase in malware and malicious web activities:

  • A continuing trend for attackers is to target individuals by directing them to a trusted URL or site which has been injected with malicious code. Through browser vulnerabilities, the attackers are able to install malware on the target system. The websites of many well-established and trustworthy organizations are still susceptible to these types of threats.
  • The growth of SQL injection, a technique used by attackers to access a database through a website, is keeping pace with the increased usage of cross-site scripting and directory traversal commands.
  • As the user base of the Mac operating system continues to grow worldwide, it is increasingly becoming a target of Advanced Persistent Threats (APTs) and exploits, rivalling those usually seen targeting the Windows platform.

"We've seen an increase in the number of sophisticated and targeted attacks, specifically on Macs and exposed social network passwords," said Clinton McFadden, senior operations manager for IBM X-Force research and development. "As long as these targets remain lucrative, the attacks will keep coming. In response, organizations should take proactive approaches to better protect their enterprise infrastructure and data."

Password Security Needs Strengthening

The connection between websites, cloud-based services, and webmail provides a seamless experience from device to device, but users should be cautious about how these accounts are connected, the security of their password, and what private data has been provided for password recovery or account resetting. X-Force recommends the use of a lengthy password comprised of multiple words instead of an awkward combination of characters, numbers and symbols.

On the server side, X-Force recommends storing passwords in the database using a hash function that is suitable for password storage. The hash function should be computationally expensive to calculate, which helps limit the effectiveness of attacks.

However, it is not all bad news.

Improvements in Internet Security Continue

As discussed in the 2011 IBM X-Force Trend and Risk Report, there continues to be progress in certain areas of Internet security. IBM X-Force data reports a continuing decline in exploit releases, improvements from the top ten vendors on patching vulnerabilities and a significant decrease in the area of portable document format (PDF) vulnerabilities. IBM believes that this area of improvement is directly related to the new technology of sandboxing provided by the Adobe® Reader X release.

Sandboxing technology works by isolating an application from the rest of the system, so that if compromised, the attacker code running within the application is limited to what it can do or what it can access. Sandboxes are proving to be a successful investment from a security perspective. In the X-Force report, there was a significant drop in Adobe PDF vulnerability disclosures during the first half of 2012. This development coincides nicely with the adoption of Adobe® Reader X, the first version of Acrobat Reader released with sandboxing technology.

About the IBM X-Force Trend and Risk Report

The IBM X-Force Trend and Risk Report is an annual assessment of the security landscape, designed to help clients better understand the latest security risks, and stay ahead of these threats. The report gathers facts from numerous intelligence sources, including its database of more than 68,000 computer security vulnerabilities, its global Web crawler and its international spam collectors, and the real-time monitoring of 15 billion events every day for approximately 4,000 clients in more than 130 countries.  
