HAMELIN: How with these attacks we always look at, are they opportunity attacks
or do we really see targeted attacks at a platform.
So in this case, we're starting to see the methodology and the psychology,
that the attackers move is showing that there is an ROI and they're investing money.
POWERS: That's Michael Hamelin, and he's a security architect
for IBM's X-Force team talking about emerging psychology
of attackers on mobile device platforms.
Welcome to This Week on developerWorks.
I'm your host, Calvin Powers.
I invited Michael to join us on today's episode
because the X-Force team has just released their Mid-Year 2013 Trends and Risk Report.
I wanted Michael to tell us a little bit about some of the key findings of that report,
but first I asked him to tell us a little bit about what the X-Force team is.
HAMELIN: X-Force represents several groups in IBM, so we have folks in the Advanced Research
and Threat Group, we have guys that work on the threat protection network engine,
we have folks in the professional services teams as well as in the managed service.
We track all of the vulnerabilities and exploits out on the Internet as well
as research attack methodologies and hacking trends.
We also have groups in MSS who monitor our client data and look for trends
across 4,000 clients in 133 countries.
They can monitor about 20 billion events a day.
So we get a good understanding of trends that are happening live as they impact customers.
POWERS: Before we get into some of the new trends,
I asked Michael to tell us what the X-Force team is seeing in terms of some
of the existing legacy attacks that we've been fighting for years.
HAMELIN: As we research the incidents that happened across the Internet in the first half
of this year, we find that there's still a lot of those that are tried-and-true techniques.
SQL injection, cross-site scripting, these are still common attack tools
that are used by the bad guys out there.
And we know that they're perfectly preventable.
We know we can find them pre-attack in source code audits and scanning of our web apps,
and we know that we can protect them with a network protection suite.
So we think they're very preventable, and it's interesting that they're still one
of the number one trends for how we exfiltrate data from data breaches.
POWERS: In the past X-Force reports, there's been a lot of discussion
about the importance and need for strong passwords.
But in the Mid-Year 2013 Report there's an added emphasis on avoiding duplicate passwords.
I asked Michael to explain.
HAMELIN: Yes, so we've always had attackers that are trying
to attack we know targeted accounts, so they want to go
after your financial accounts, directly attacking the bank.
But as banks added protection and we've gotten better at fraud protection,
with the educated users that a bank will never e-mail you and ask you for your password,
these techniques became less profitable.
What has become the secondary attack is I'll attack an Internet provider,
so a cloud-based service like Evernote or LinkedIn, one of these accounts
where there's hundreds of thousands of users and accounts that I can steal.
So in one fell swoop I get hundreds of thousands of accounts,
and now it's up to a matter of cracking those passwords.
If they're easy to crack, then I can go look for other services
that username and password will work on.
If it's stolen one time from Facebook or LinkedIn, then if we actually use that as well
in our bank, then that means our bank password was breached,
it's out there on the Internet somewhere, and even though the bank wasn't directly attacked.
POWERS: We'll be having a follow-on episode this week on developerWorks devoted exclusively
to all of the different types of social media attacks
that are documented in the latest X-Force report.
But on this episode, I wanted Michael to focus on one particular social media attack,
the rise of fake profiles and fake identities on social networks
and why businesses should be concerned.
HAMELIN: It's an awareness that it's a business tool now, and the case we highlighted
in social media was last year in the case with Robin Sage was created
to spoof being a researcher in the cyber space, and was able to make up a profile
and get hundreds of connections into other DoD contractors, three-letter agencies,
other forms of the government, just by appearing to be a valid security researcher.
And we see that trend of fake accounts being used,
so it's kind of a reputation stealing, if you will, right?
We see fake accounts pop up on LinkedIn where people fake what company they work for,
trying to get information on a new company or even trying to fake job posts,
resumes, we see fake accounts on Facebook.
All the time these things just started popping up,
and a lot of companies have ignored it thinking it's kind of this social media tool,
it's something that people play with at home, it's not a business tool.
But it's kind of, the world's changed in the last couple of years,
and it is part of the business world.
POWERS: Social media attacks are getting a lot of press these days.
But the attackers are also still keenly focused on finding weaknesses
in technology platforms and exploiting them.
And those types of attacks are evolving over time, and I asked Michael to explain.
HAMELIN: So there's been an expansion in some
of the mobile attacks, specifically targeting Android.
Some of the research in the report we went and pulled what we found out on the Internet
from lots of other researchers and started putting that together to try
and paint a picture of where we see it going.
With these attacks, we always look at, are they opportunity attacks,
or do we really see targeted attacks at a platform?
So in this case we're starting to see the methodology and the psychology
that the attackers move is showing that there is an ROI and they're investing money.
So we saw two different toolkits on Android that had a lot of sophistication built into them,
techniques to try and hide themselves, spread a lot of sophistication built into the framework.
POWERS: Given the fact that attackers are focusing their attention
on mobile device platforms, I asked Michael to comment on the importance
of mobile device management in IT security.
HAMELIN: It is.
It's one of those things that we point out that even though this is out there,
there's also another side of it is that the majority of the malware samples that are found
on Android are not from Google Play.
They're found in these third-party sites that are, some of them are...some
of them are app stores set up just to deliver malicious apps.
MDM platform and controlling where your users get your applications is the first step
for making sure that you cut out most of this bad stuff coming in.
POWERS: Thanks, Michael.
Don't forget that you can download the full report at ibm.co/x-force2013.
That's ibm.co/x-force2013.
That's all the time we have for this week on developerWorks.
We'll see you next week.