IBM X-Force 2012
Mid-year Trend and Risk Report
September 2012
IBM Security Systems
Contributors
Producing the IBM X-Force Trend and Risk Report is a dedicated collaboration across all of IBM. We would like to thank the following individuals for their attention and contribution to the publication of this report.
About IBM X-Force
IBM X-Force® research and development teams study and monitor the latest threat trends, including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising customers and the general public about emerging and critical threats, IBM X-Force also delivers security content to help protect IBM customers from these threats.
Contributor           Title
Brian McGee           Visual Designer - User Experience Group/Usability
Bryan Ivey            Team Lead, MSS Cyber Threat and Intelligence Analyst
Carsten Hagemann      X-Force Software Engineer, Content Security
Chadd Horanburg       Cyber Threat Intelligence Analyst
Cynthia Schneider     Technical Editor, IBM Security Systems
David Merrill         STSM, IBM Chief Information Security Office, CISA
Dr. Jens Thamm        Database Management, Content Security
Gina Stefanelli       X-Force Marketing Manager
Jason Kravitz         Techline Specialist for IBM Security Systems
Larry Oliver          Senior Cyber Threat/Security Intelligence Analyst
Leslie Horacek        X-Force Threat Response Manager
Marc Noske            Database Administration, Content Security
Mark E. Wallis        Senior Information Developer, IBM Security Systems
Mark Yason            X-Force Advanced Research
Michael Applebaum     Director of Product Marketing, Q1 Labs
Mike Warfield         Senior Wizard, X-Force
Nishad Herath         X-Force Advanced Research
Paul M. Sabanal       X-Force Advanced Research
Ralf Iffert           Manager, X-Force Content Security
Randy Stone           Engagement Lead, Emergency Response Service
Rob Hall              Product Manager - Sterling Connect:Enterprise, Sterling Secure Proxy
Robert Freeman        Manager, X-Force Advanced Research
Rod Gifford           Product Marketing Manager, Sterling Connect:Enterprise, Sterling Secure Proxy
Scott Moore           X-Force Software Developer and X-Force Database Team Lead
Thomas Millar         Senior Incident Response Analyst
IBM Security collaboration
IBM Security provides a broad spectrum of security competencies.

• The IBM X-Force research and development team discovers, analyzes, monitors, and records a broad range of computer security threats, vulnerabilities, and the latest trends and methods used by attackers. Other groups within IBM use this rich data to develop protection techniques for our customers.

• The IBM X-Force content security team independently scours and categorizes the web by crawling, through independent discoveries, and through the feeds provided by IBM Managed Security Services (MSS).

• IBM Managed Security Services (MSS) is responsible for monitoring exploits related to endpoints, servers (including web servers), and general network infrastructure. MSS tracks exploits delivered over the web as well as over other vectors such as email and instant messaging.

• IBM Professional Security Services (PSS) delivers enterprise-wide security assessment, design, and deployment services to help build effective information security solutions.

• The QRadar Security Intelligence Platform from Q1 Labs, an IBM company, offers an integrated solution for SIEM, log management, configuration management, and anomaly detection. It provides a unified dashboard and real-time insight into security and compliance risks across people, data, applications, and infrastructure.

• IBM Sterling Secure Proxy is a demilitarized zone (DMZ)-based application proxy that protects your file transfers from the public Internet. IBM Sterling Connect:Direct® is one of the leading solutions for secure, point-to-point file transfers. It has been optimized for high-volume, reliable data delivery of files within and between enterprises, and provides script-based automation, scheduling, and alert notifications for unattended 24x7 operations.
Contents
Contributors ... 2
About IBM X-Force ... 2
IBM Security collaboration ... 3

Section I—Threats ... 6
  Executive overview ... 6
  2012 highlights ... 8
    Threats ... 8
    Operational security practices ... 9
    Software development security practices ... 10
    Emerging trends in security ... 10
  IBM Managed Security Services—A global threat landscape ... 11
    Hand in hand: Cross-site scripting and SQL injection ... 11
    Obfuscation ... 12
    MSS—2012 top high-volume signatures ... 14
      SQL injection ... 15
      SQL Slammer worm ... 16
      PsExec_Service_Accessed ... 17
      Directory Traversal ... 18
      Cross-site scripting (XSS) ... 19
      SNMP Crack ... 20
      SSH brute force ... 21
      HTTP Unix passwords ... 22
      Shell command injection ... 23
    Return of web browser exploitation ... 24
    Trending in the dark—the afterglow of an attack? ... 25
    Spoofed denial-of-service attacks ... 25
    Targets of denial-of-service attacks ... 27
  Mac malware—major outbreak and targeted attacks ... 29
    Flashback ... 29
    Mac APT ... 29
    Conclusion ... 30
  Web content trends ... 31
    Analysis methodology ... 31
    IPv6 deployment for websites ... 31
    Anonymous proxies ... 34
    Malicious websites ... 36
  Spam and phishing ... 38
    Spam volume stabilized at low level ... 38
    Major spam trends during the last 12 months ... 39
    Common top-level domains in URL spam ... 43
    Spam country of origin trends ... 44
    Spammers’ weekend activities ... 45
    Grum botnet take down in July 2012 ... 46
    Email scam and phishing ... 48

Section II—Operational security practices ... 52
  Combating Advanced Persistent Threats (APTs) with security intelligence and anomaly detection ... 52
    Understanding advanced persistent threats ... 52
    Security intelligence: Uniquely equipped to defend against APTs ... 54
    Anomaly detection: The security intelligence lynchpin of APT defense efforts ... 56
    Best practices for anomaly detection ... 57
    Conclusion ... 57
  Vulnerability disclosures in the first half of 2012 ... 58
    Web applications ... 58
    Continuing decline in exploit count ... 62
    CVSS scoring ... 65
    Vulnerabilities in enterprise software ... 66
    Wrap-up ... 69
  Sandboxes: Another line of defense ... 70
    What is a sandbox? ... 70
    How sandboxes work ... 70
    Sandboxes can help you ... 71
    What you can do now ... 71
    What we can expect ... 72
    Attackers will adapt ... 72
    Final thoughts ... 72
  Auditing made easier with UNIX shell history time stamping ... 73
  Evaluating the cyber terrain with OCOKA ... 77
    Observation ... 78
    Concealment ... 79
    Obstacles ... 80
    Key terrain ... 81
    Avenues of approach ... 82
  Using perimeter security to take the risk out of file transfers ... 83
    Securing your perimeter ... 84
    Best practices ... 86

Section III—Software development security practices ... 87
  Email password—the keys to your personal online identity ... 87
    How important is your email password? ... 87
    Once more into the breach ... 87
    Why does this matter? ... 87
    What happens next? ... 87
    Forgot your password? Click here to reset ... 88
    “Don’t use the same password on different sites” ... 88
    Rules and regulations vs. the real world ... 88
    What is a secure password? ... 88
    An example ... 89
    Remembering your passwords ... 89
    Security questions ... 89
    Two-factor authentication ... 89
    Putting it all together ... 90
  Secure password hashing—when faster is not always better ... 91
    When slower is better ... 91
    Consider the options ... 92
    A hash of a hash ... 92
    More complex passwords ... 93
    Go slowly ... 94
    Faster, cheaper and powerfully parallel ... 95

Section IV—Emerging trends in security ... 97
  Influences of initial bring your own device (BYOD) in most enterprises ... 97
    State of security ... 98
    Making BYOD work ... 99
    Identification and authentication ... 99
    Access authorization ... 100
    Information protection ... 100
    Operating system and application integrity ... 100
    Assurance ... 101
    Incident response ... 101
    BYOD program definition and review ... 101
  Best practices in mobile security ... 102
    State of mobile security technologies ... 102
    Approach trends by industry ... 104
    Mobile platform vulnerability management ... 104