November 17, 2014 By Leslie Horacek 3 min read

Today, IBM released the fourth edition of the 2014 IBM X-Force Threat Intelligence Quarterly, which focuses on how the Internet continues to connect more people, places and things, resulting in a new range of security risks. In particular, it takes a closer look at new threats from the Internet of Things (IoT) and the sources of malware and botnet infections.

IoT Transforms Security Landscape

By innovating how we connect, this technology is transforming how security threats are viewed in our lives and in business. Today, it may seem more like a curiosity than a valid business concern. Upon hearing the term “IoT,” many call to mind a circus of devices with esoteric functions, such as Google Glass and the new Apple Watch wearables, or perhaps home automation hardware such as thermostats that are aware of their owners’ presence or refrigerators that post to Facebook when you’re out of milk.

However, in a November 2014 report, analysts estimate that the IoT will represent 30 billion connecting “things” by 2020, growing from 9.9 billion in 2013. These connected “things” are largely driven by intelligent systems collecting and transmitting data. While we are still defining what the IoT is and how it will benefit individuals and enterprises, rest assured that it is a revolution and will take its place among existing emerging technologies such as the cloud, analytics, mobile and social. As with other broad categories of technology such as the cloud or mobile, the IoT can offer productivity and quality-of-life improvements, but it can also drag in its wake a host of unknown security threats. The devices that comprise the broad IoT perform different functions, expose wildly diverse threat surfaces and require security strategies that are specific to each category of device. IBM X-Force has created a model of the IoT that is useful for understanding the security threats at various data flow and control transition points. 

In the past few years, the types of attacks that have been reported across the IoT have been varied, such as the exploitation of Web application vulnerabilities, man-in-the-middle attacks and password attacks. Another important area that is not explored in the report but is important to mention is employees working from home with cable/DSL modems and home routers. When a remote employee’s traffic enters back through the enterprise network, the types of attacks available should be a deep concern for security administrators. This topic was explored in greater depth earlier in the year in an X-Force blog post about remote workers and home security.

Does Developing Secure Software Exclude Hardware Manufacturers?

IBM has cautioned in the past that designing security from the outset and exercising secure development practices is vital to creating secure products. As the “things” that comprise the IoT are developed by multiple manufacturers, this advice becomes more relevant because the consequences affect not just the integrity of data and privacy of the owners of that data, but also the safety of users. To help address the security challenges within the IoT, IBM X-Force recommends that manufacturers do the following:

Reputation Counts: The Sources of Malware and Botnets

This latest report also looks at some findings gleaned from IBM X-Force’s IP Reputation database. IBM X-Force wanted to establish a baseline of the sources of massively distributed malware. It looked at the countries where malicious links are most often hosted and the geographic distribution of botnet command-and-control (C&C) servers.

Download the latest research from IBM X-Force

Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access for the attackers. Those actions all result in stolen data, which the malware reports to its C&C servers. Although the United States hosts the largest number of contaminated IP addresses for both malware and botnet C&C servers, when normalized for addressable IP space, Eastern European countries show the highest infection rates.

More from X-Force

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today