Posted on 14-Sep-2014





Cyber crime is growing in both frequency and sophistication. We all know it is out there but do we know what to look for? Do we know how to combat it? Arm yourself with the latest updates from the X-Force Report of current security risks & trends happening today and our solutions from Trusteer, an IBM company to help you stay one step ahead of cybercriminals. View the full on-demand webcast:



Follow the Money, Follow the Crime

19th March 2014

2014 IBM Corporation, IBM Security Systems

Agenda

IBM X-Force Threat Intelligence Quarterly 1Q 2014
Michael Hamelin, Lead X-Force Security Architect, CTO Office, IBM Security Systems

Protecting Enterprise Endpoints against Advanced Malware with Trusteer Apex
Dana Tamir, Director of Enterprise Security, Trusteer, an IBM Company

Connect with IBM Security

Questions?

IBM X-Force Threat Intelligence Quarterly 1Q 2014

Michael Hamelin, Lead X-Force Security Architect, CTO Office, IBM Security Systems

X-Force is the foundation for advanced security and threat research across the IBM Security Framework

Advanced Security and Threat Research, which includes the X-Force team, is the foundation for many of the pillars in the security product portfolio.

As the team tasked with staying on top of the latest threats and vulnerabilities, the information it provides is a critical aspect of providing protection to the other parts of the framework.

At IBM, the world is our security lab

6,000+ IBM researchers, developers, and subject matter experts focused on security
3,000+ IBM security patents

Security Operations Centers
Security Research and Development Labs
Institute for Advanced Security Branches

With more than 6,000 researchers, developers and subject matter experts engaged in security initiatives, IBM operates one of the world's broadest enterprise security research, development and delivery organizations. This powerful combination of expertise is made up of the award-winning X-Force research and development team, with one of the largest vulnerability databases in the industry, and includes nine security operations centers, nine IBM Research centers, 14 software security development labs and the IBM Institute for Advanced Security with chapters in the United States, Europe and the Asia Pacific region.

Security Operations Centers: Atlanta, Georgia; Boulder, Colorado; Brussels, Belgium; Tokyo, Japan; Brisbane, Australia; Hortolandia, Brazil; Bangalore, India; Wroclaw, Poland. NO: Detroit, Michigan; Toronto, Canada. ADD: Riyadh, Saudi Arabia; Heredia, Costa Rica

Security Research Centers: Yorktown Heights, NY; Atlanta, GA; Almaden, CA; Ottawa, Canada; Zurich, CH; Kassel, DE; Herzliya, IL; Haifa, IL; New Delhi, IN; Tokyo, JP

Security Development Labs: Littleton, MA; Raleigh, NC; Atlanta, GA; Austin, TX; Costa Mesa, CA; Fredericton, Canada; Toronto, CAN; Ottawa, CAN; Belfast, NIR; Delft, NL; Pune, IN; Bangalore, IN; Taipei, TW; Singapore, SG; Gold Coast, AU

Note: IBM patent search performed by Paul Landsberg, IBM IP Office

Collaborative IBM teams monitor and analyze the changing threat landscape

Coverage
20,000+ devices under contract
3,700+ managed clients worldwide
15B+ events managed per day
133 monitored countries (MSS)
1,000+ security related patents

Depth
17B analyzed web pages & images
40M spam & phishing attacks
76K documented vulnerabilities
Billions of intrusion attempts daily
Millions of unique malware samples

IBM X-Force has a long-standing history as one of the best known commercial security research and development groups in the world. It can leverage security expertise across IBM to better understand what is happening in security, and it has numerous intelligence sources: a database of more than 76K security vulnerabilities monitored every day, a global web crawler, and international spam collectors. The team works closely with the IBM managed security services group, who monitor over 15B security events every day from nearly 4,000 security clients in over 133 countries. All of this is done to stay ahead of continuing threats for our customers.

Our global web crawler is probably the world's third largest behind Google and Bing. It crawls the web, and we have analyzed and classified over 17B web pages. X-Force is particularly interested in files, images, or pages that contain malicious links or content. The team in Kassel, Germany, who builds our web crawler also developed an anti-spam product. We have spam traps around the world and receive large amounts of spam so that we can analyze and understand the different types and preemptively block that spam.

Our work covers 4 key areas:
Research
Engines
Content Delivery
Industry/Customer deliverables such as this X-Force report, blogs, articles, presentations and speaking engagements

Attackers optimize and refine target selection

Attackers are optimizing their operations around many key initiatives which include a path of least resistance to reach the largest number of potential targets for the minimal amount of exploit effort.

For example, attackers are optimizing various points of weak entry:
The exploitation of trust via social media.
Coordinated operations leaking user data as well as exploiting weak entry points into global brands such as foreign local-language or franchise sites.
Mobile malware with Android devices as the market expands.
Take-over of central strategic targets to access and exploit a broader base of end users.
Diversion and distraction techniques which throw security administrators off path, while breaching targets under the cover.
Cross-platform 0days were an optimization story as well.


More than half a billion records of personally identifiable information (PII) were leaked in 2013

2012 was a record year for reported data breaches and security incidents, with a 40 percent increase in total volume over 2011 [1]. In the first half of 2013, security incidents have already surpassed the total number reported in 2011 and are on track to surpass 2012.

This year kicked off with a number of high-profile sophisticated attacks on major websites, media, and tech companies.

What is the impact of a data breach and where are customers most affected?

Figure 3 illustrates the possible financial impact of a data breach in terms of fines, loss of intellectual property, loss of customer trust, and loss of capital, etc. that an organization of any size might face.

Additionally, of the sampling of security incidents reported by X-Force in 2013, in terms of the country where the attack target was located, more than three quarters of those continue to occur in the United States. This could be based on the fact that many websites are operated from the United States, or possibly that it is more common that U.S. companies and websites are disclosing publicly.

Weaponized content focused on end user apps

Attackers use spear-phishing messages to draw users to websites that contain hidden malicious Java applets (exploit sites). Once the user accesses the exploit site, the hidden Java applet exploits vulnerabilities to cause a chain of events that ends with the delivery of the malware to the user's machine, without the user's awareness. Fifty percent (50%) of the exploits observed by X-Force malware research (Trusteer) in December 2013 targeted Java vulnerabilities, indicating Java as a high-risk application and top target, exposing organizations to attacks.

Attackers use exploit kits to deliver payloads

Blackhole Exploit Kit
Most popular in 2013
Creator arrested in October

Styx Exploit Kit
Rising in popularity
Successful in exploiting IE and Firefox on Windows

Effectively targeting end users


Watering Hole
Attacker injects malware on special-interest website
Vulnerable niche users exploited

Attacker injects malware on ad network
Malicious ad embedded on legitimate websites
Vulnerable users exploited

Web app vulnerabilities: the dominant threat

Production Applications: Developed in house; Acquired; Off-the-shelf commercial apps
Applications in Development: In-house development; Outsourced development

MH note: maybe hint we still didn't reach 10K vulnerabilities in a year, even though we modified the CVE number scheme to handle it, just thinking of interesting things to talk about.

The declines in vulnerabilities demonstrated at the end of 2013 in both XSS and SQL injection, shown in Figure 11, could indicate that developers are doing a better job at writing secure web applications, or possibly that traditional targets like content management systems (CMSs) and plug-ins are maturing as older vulnerabilities have been patched.

As noted previously, XSS and SQL injection exploitation continue to be observed in high numbers, indicating there are still legacy systems or other unpatched web applications that remain vulnerable. This is expected, considering there are many thousands of blogs and other websites run by individuals who may not have the skills or awareness to update to later versions of their platform or framework.


Vulnerabilities designed to gain additional or unauthorized access
Exploitation
Gain access
XSS typically attacks web apps

The most prevalent consequence of vulnerability exploitation was "Gain Access" at 26% of all vulnerabilities reported in 2013. Cross-Site Scripting was the second most prevalent consequence at 18% and typically involves attacks against Web applications.
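The two web-application vulnerability classes the report counts, SQL injection and XSS, shown as the legacy pattern beside its fix, as an added example that is not code from the IBM deck or from Trusteer: the `_vulnerable` functions show the unpatched pattern the text attributes to older CMSs and plug-ins, the `_fixed` ones the corrected form; the table, sample rows and function names are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed in-memory sample data; not taken from the X-Force report.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER, author TEXT, body TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)",
                     [(1, "alice", "hello"), (2, "bob", "draft"), (3, "alice", "notes")])
    return conn

def find_posts_vulnerable(conn, author):
    # Legacy CMS/plug-in pattern: the input is spliced into the SQL text,
    # so a quote in the input changes the query structure (SQL injection).
    sql = "SELECT id FROM posts WHERE author = '" + author + "'"
    return [row[0] for row in conn.execute(sql)]

def find_posts_fixed(conn, author):
    # Parameterized query: the input is bound as a value and never parsed as SQL.
    rows = conn.execute("SELECT id FROM posts WHERE author = ?", (author,))
    return [row[0] for row in rows]

def render_vulnerable(body):
    # Untrusted text written straight into the page body (cross-site scripting).
    return "<p>" + body + "</p>"

def render_fixed(body):
    # Output encoding for the HTML text-node context neutralises any markup.
    return "<p>" + html.escape(body, quote=True) + "</p>"

def demo():
    conn = make_db()
    probe = "x' OR '1'='1"          # the classic scanner test input
    script = "<script>alert(1)</script>"
    return {
        "vuln_rows": find_posts_vulnerable(conn, probe),   # every row is returned
        "fixed_rows": find_posts_fixed(conn, probe),       # no author matches
        "vuln_html": render_vulnerable(script),            # script tag survives
        "fixed_html": render_fixed(script),                # rendered as text
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same pair of checks (does a quote change the result set, does a tag survive rendering) is what a web application scanner reports as the SQL injection and XSS findings counted in the report.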