Embed Size (px)
DESCRIPTION
IBM X-Force Threat Intelligence Quarterly 2Q 2014 Diana Kelley Executive Security Advisor @ DianaKelley14. IBM X-Force is the foundation for advanced security and threat research across the IBM Security Framework. The Mission of X-Force is to… - PowerPoint PPT Presentation
Citation preview
© 2012 IBM Corporation
IBM Security Systems
1© 2014 IBM Corporation
IBM X-Force Threat Intelligence Quarterly2Q 2014
Diana Kelley
Executive Security Advisor
@DianaKelley14
© 2014 IBM Corporation
IBM Security Systems
IBM X-Forceis the foundation for advanced security and threat research across the IBM Security Framework.
© 2014 IBM Corporation
IBM Security Systems
Vulnerability Protection ➥ Reverse engineering and protection for more than 73K vulnerabilities and 400 application protocols housed in the X-Force Database
Malware Analysis ➥ Analysis and defense of malware targeting financial institutions and customers leveraging a network of 100M endpoints across the globe
IP Reputation ➥ Categorization of more than 860K suspect IP addresses into different categories including malware hosts, botnets, spam sources, and anonymous proxies
Web Application Control
➥ Identify and manage the capabilities of more than 2000 web and client applications and actions (e.g. Gmail or Skype)
Web Application Protection
➥ Able to assess and remediate vulnerabilities in mission critical off-the-shelf and custom web applications
URL/Web Filtering ➥ One of the world’s largest URL databases containing categorized information on more than 22 billion URLs
Anti-Spam ➥ Detect spam using known signatures, discover new spam types automatically, 99.9% accurate, near 0% over-blocking; monitoring of more than 7M spam & phishing attacks daily.
The Mission of X-Force is to…
• Monitor and evaluate the rapidly changing threat landscape
• Research new attack techniques and develop protection for tomorrow’s security challenges
• Educate our customers and the general public
• Deliver Threat Intelligence to make IBM solutions smarter
© 2014 IBM Corporation
IBM Security Systems
Coverage
20,000+ devices under contract
3,700+ managed clients worldwide
15B+ events managed per day
133 monitored countries (MSS)
1,000+ security related patents
100M+ customers protected from
fraudulent transactions
Depth
22B analyzed web pages & images
7M spam & phishing attacks daily
73K documented vulnerabilities
860K malicious IP addresses
1000+ malware samples collected daily
Millions of unique malware samples
What we tell our customers:IBM X-Force monitors and analyzes the changing threat landscape
© 2014 IBM Corporation
IBM Security Systems
We are in an era of continuous breaches.
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
Operational Sophistication
IBM X-Force declared Year of the
Security Breach
Near Daily Leaks of Sensitive Data
40% increase in reported data
breaches and incidents
Relentless Use of Multiple Methods
500,000,000+ records were leaked, while the future
shows no sign of change
2011 2012 2013
SQL injection
Spear phishing
DDoS Third-party software
Physical access
Malware XSS Watering hole
Undisclosed
Attack types
Note: Size of circle estimates relative impact of incident in terms of cost to business.
© 2014 IBM Corporation
IBM Security Systems
Attackers exploit application vulnerabilities to access sensitive data.
Not testing puts the organization at risk of exposing valuable assets
Broken authentication can result in take over of banking session and funds transfer as if the attacker were the legitimate user.
OpenSSL bug put a huge number of websites at risk for data leakage of private and critical information.
Mitigating potential damages of breached user credentials, SSL certificates, and other sensitive information made cleanup a challenge.
of organizations underestimate the number of web applications they have deployed50%
If your incident response is built around planning for the known situations, you're at a loss. Contents of random access memory (RAM) are now fair game, like data stored on the disk.
Test and Remediate AppVulns
Protect Web Servers
Expect the Unexpected
© 2014 IBM Corporation
IBM Security Systems
Underestimating web applications is not uncommon.
Broken authentication and CSRF occurred in 23% of the 900+ dynamic web app scans tested
© 2014 IBM Corporation
IBM Security Systems
Client requests to perform large-scale, ongoing scanning of live sites has increased.
© 2014 IBM Corporation
IBM Security Systems
Spam continues to be a main channel of malware into company networks.
In March 2014, we saw the highest levels of spam measured during the last two and a half years.
© 2014 IBM Corporation
IBM Security Systems
Attackers are recycling old image-spam techniques to test detection and exploit email inboxes.
© 2014 IBM Corporation
IBM Security Systems
Attackers look for creative ways to evade spam filters - again.
© 2014 IBM Corporation
IBM Security Systems
Attackers are using doctor and medic .ru domains in these attacks.
Since the beginning of February 2014, spammers have used the domains they have purchased for other, non-image based types of spam.
© 2014 IBM Corporation
IBM Security Systems
Spam bot infections are higher in locations still reliant on Windows XP.
In 16 of 20 countries researched for spambot infection, usage of Windows XP is significantly higher than the WW average. In some cases, usage is more than 30%.
© 2014 IBM Corporation
IBM Security Systems
Expanded operations outside of traditional markets occur on a more frequent basis; Incident Response teams must be prepared.
Driven by stiffer regulations on personal data and the importance placed on security breaches, many organizations need answers faster and more efficiently than ever before.
BandwidthData transfers can be limited by slow, unreliable connections.
RAMExternal drives may not be available for storing RAM dump files.
Overnight MailShipping impacted systems and forensics data can be difficult.
Working HoursTime-zone differences can impact work schedules.
Skill SetsSystem administrators may not be trained in incident response.
© 2014 IBM Corporation
IBM Security Systems
15
Connect with IBM X-Force Research & Development
IBM X-Force Security Insights blog at . . / -www SecurityIntelligence com x f
orce
Download IBM X-Force Threat Intelligence Quarterly Reports
:// . . / /http www ibm com security xf/orce
Follow us at @ibmsecurity and @ibmxforce
© 2014 IBM Corporation
IBM Security Systems
16
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
