IBM Predicts Rise In OS X Exploits, Touts Sandboxing

  /     /     /  
Publicated : 22/11/2024   Category : security


IBM Predicts Rise In OS X Exploits, Touts Sandboxing


IBMs X-Force Trend and Risk Report says browser exploits and BYOD continue to pose challenges, warns that OS X attacks are getting more sophisticated.



In some ways, the
newest edition
of IBMs X-Force Trend and Risk Report reasserts what other
security researchers
and malware-weary end users already know:
browser vulnerabilities
continue to pose problems, OS X attacks are on the rise, and mobile devices and BYOD have complicated IT managers jobs.
Despite the familiar themes, however, the report offers potentially useful insights into the nature of these threats by eschewing a statistically driven methodology in favor of a more qualitative approach. IBM hopes the findings will give enterprises a more well-rounded perspective on the dangers they face, as well as a lead in protecting their assets.
The report is drawn from a variety of intelligence sources, including IBMs database of more than 68,000 vulnerabilities, and real-time monitoring--performed on behalf of 4,000 clients in 130 countries--of 15 billion daily Web events. Robert Freeman, manager of X-Force Research, explained in a phone interview that the report, rather than detailing specific breaches or compiling raw statistics, addresses what is going on in the aggregate, with an emphasis on trends and what they mean in practical terms. Were looking … to give the professional or executive an overview of whats going on… to help [them] make decisions about purchases, he stated.
[ For expert security best practices, see
5 Black Hat Security Lessons For CIOs
. ]
One of the X-Force studys major findings involves OS X users--and the results arent pretty. A statement IBM emailed to
InformationWeek
summarizes that Mac threats have not only increased in volume but also in sophistication, rivaling those usually seen on Windows platforms. Freeman said that Windows exploits are still more numerous, but he emphasized that the report is not about infection rates so much as using technical attributes of the malware to extrapolate how attacks might evolve. He said there was pretty strong parity last year between Windows and OS X but cited malware releases such as
Crisis
and
Flashback
as evidence that an increasing worldwide user base, as well as attention from the security research community has made Apples computers a desirable target.
He said an avalanche of new threats could result and cautioned that due to the availability of rootkits and other malware tools, the forthcoming attacks are not to be taken lightly. Future dangers are not going to be some sort of joke application, he declared, pointing out that malware authors are now quickly porting Windows-targeted scams, such as fake antivirus software, to OS X. We want to persuade people not to be complacent, he said.
Freeman believes the outlook is rosier for OS Xs mobile sibling, iOS. An end-to-end exploit, he said, is incredibly expensive on the black market, leading to relatively fewer security breaches. Still, the report states that mobile devices and BYOD are a major problem. Freeman explained that fragmentation is a significant culprit, as the numerous versions of Android have meant that some devices that arent terribly old will never receive a firmware update from the vendor.
Indeed, around
half
the devices using Googles OS are unpatched against attacks. Nonetheless, Freeman emphasized, in a nod to the reports qualitative nature, that the number of vulnerabilities do not necessarily tell the whole story. What is the [volume of threats] leading to? he asked, adding that, in the case of Android, the ostensibly overwhelming number of vulnerabilities can be reduced to a single primary concern: text message scams. More likely than not, if youre hit, its an SMS scam sending messages to
premium numbers
without your awareness, he stated.
The report also identified promising methods for thwarting attacks. Sandboxing, which separates individual applications from the rest of the system, is a particular standout. The technique, Freeman said, has substantially reduced the vulnerability count related to Adobe Acrobat and represents the early stages of a significant paradigm shift that is being embraced by an increasing number of software vendors.
Alongside the X-Force findings, IBM also announced the opening of a new security operations center in Wroclaw, Poland. The new facility joins nine other such centers that IBM operates around the world. According to an emailed statement, the center is strategically placed to assist clients in Europe and North America. It adds to new growth markets IBM has pursued in the region, including a Global Deliver Center that
opened
in Wroclaw in 2010.
InformationWeek is conducting a survey on mobile device management and security. Take our
2013 InformationWeek Mobile Device Management and Security Survey
now. Survey ends Sept. 14.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
IBM Predicts Rise In OS X Exploits, Touts Sandboxing