Today, IBM released the fourth edition of the 2014 IBM X-Force Threat Intelligence Quarterly, which focuses on how the Internet continues to connect more people, places and things, resulting in a new range of security risks. In particular, it takes a closer look at new threats from the Internet of Things (IoT) and the sources of malware and botnet infections.
IoT Transforms Security Landscape
By changing how people, places and things connect, this technology is also changing how security threats are viewed in daily life and in business. Today the IoT may seem more like a curiosity than a legitimate business concern: the term calls to mind a circus of devices with esoteric functions, such as Google Glass and the newly announced Apple Watch, or home automation hardware such as thermostats that know when their owners are home or refrigerators that post to Facebook when you are out of milk.
However, a November 2014 analyst report estimates that the IoT will comprise 30 billion connected “things” by 2020, up from 9.9 billion in 2013. These connected “things” are largely driven by intelligent systems that collect and transmit data. While the industry is still defining what the IoT is and how it will benefit individuals and enterprises, it is a genuine shift and will take its place alongside other emerging technologies such as cloud, analytics, mobile and social. As with those broad categories, the IoT can offer productivity and quality-of-life improvements, but it can also drag in its wake a host of unknown security threats. The devices that make up the IoT perform different functions, expose wildly different attack surfaces and require security strategies specific to each category of device. IBM X-Force has created a model of the IoT that is useful for understanding the threats at the various points where data flows and control is handed off between components.
The attacks reported across the IoT in the past few years have been varied: exploitation of Web application vulnerabilities, man-in-the-middle attacks and password attacks. A related area that the report does not explore but that deserves mention is employees working from home behind consumer cable/DSL modems and home routers. When a remote employee’s traffic re-enters the enterprise network by way of a compromised or poorly secured home router, the attacks that become possible should be a serious concern for security administrators. This topic was explored in greater depth earlier in the year in an X-Force blog post about remote workers and home security.
Does Developing Secure Software Exclude Hardware Manufacturers?
IBM has cautioned in the past that designing security in from the outset and following secure development practices are vital to creating secure products. As the “things” that make up the IoT are built by many different manufacturers, this advice becomes even more relevant, because the consequences of getting it wrong affect not just the integrity of data and the privacy of its owners, but also the physical safety of users. To help address the security challenges within the IoT, IBM X-Force recommends that manufacturers do the following:
- Follow the Open Web Application Security Project (OWASP) Internet of Things Top 10;
- Build a secure design and development practice;
- Perform regular security testing on products;
- Follow industry guidance such as the IBM Automotive Security Point of View.
Reputation Counts: The Sources of Malware and Botnets
This latest report also looks at findings gleaned from IBM X-Force’s IP Reputation database. IBM X-Force wanted to establish a baseline for the sources of massively distributed malware, so it looked at the countries where malicious links are most often hosted and at the geographic distribution of botnet command-and-control (C&C) servers.
Typically, attackers gain remote code execution on a victim machine and use it to install malware, which may carry out any number of malicious actions, such as keylogging, screen-grabbing and giving the attackers remote access. All of these actions yield stolen data, which the malware reports back to its C&C servers. The United States hosts the largest absolute number of malicious IP addresses for both malware-hosting links and botnet C&C servers; however, once the counts are normalized for the size of each country’s addressable IP space, Eastern European countries show the highest rates. A large address space accumulates many infected hosts even at a low per-address rate, so a raw count mostly reflects the size of a country’s Internet presence, while a normalized rate says how concentrated the problem is within that address space.
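As an added illustration of that normalization step (example code written for this post, not from the X-Force report or its database), the script below parses a constructed reputation-feed export with placeholder countries A to D and RFC 5737 documentation addresses, counts unique malicious IPs per country and category, and then ranks countries both by raw count and by rate per million allocated addresses. The feed format, the country labels and the address-space figures are all assumptions made for the example; in practice the denominator would come from RIR delegation statistics.

```python
"""Raw counts vs. address-space-normalized rates for an IP-reputation feed.

Added example; all input data is constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed sample export from an IP-reputation feed: ip,category,country.
# Addresses are RFC 5737 documentation ranges and countries are placeholders
# A-D; none of this is data from the X-Force IP Reputation database.
# Note the duplicate IP in A and the malformed address in C.
SAMPLE_FEED = """\
ip,category,country
198.51.100.10,malware,A
198.51.100.11,malware,A
198.51.100.12,botnet_cc,A
198.51.100.13,malware,A
198.51.100.13,malware,A
203.0.113.5,malware,B
203.0.113.6,botnet_cc,B
203.0.113.7,malware,B
192.0.2.1,malware,C
192.0.2.2,botnet_cc,C
not-an-ip,malware,C
192.0.2.9,malware,D
"""

# Constructed allocated IPv4 address space per placeholder country (addresses).
# Assumed figures; a real analysis would take these from RIR delegation files.
# Country D is deliberately missing to show how an unknown denominator is handled.
ADDRESS_SPACE = {"A": 200_000_000, "B": 20_000_000, "C": 4_000_000}


def parse_feed(text):
    """Return {(category, country): set(ip)} from a CSV feed export.

    Skips the header, malformed rows and syntactically invalid IPs, and
    dedupes IPs so one host is counted once per category/country.
    """
    index = defaultdict(set)
    for lineno, line in enumerate(text.splitlines()):
        if lineno == 0 and line.startswith("ip,"):
            continue
        parts = line.strip().split(",")
        if len(parts) != 3:
            continue
        ip, category, country = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # junk in the feed must not become a data point
        index[(category, country)].add(ip)
    return index


def raw_counts(index, category):
    """Unique malicious IPs per country for one category, e.g. 'malware'."""
    counts = defaultdict(int)
    for (cat, country), ips in index.items():
        if cat == category:
            counts[country] += len(ips)
    return dict(counts)


def normalized_rates(counts, address_space, per=1_000_000):
    """Malicious IPs per `per` allocated addresses.

    Countries with no known (or zero) address space are left out rather
    than divided by a guess or by zero.
    """
    rates = {}
    for country, n in counts.items():
        space = address_space.get(country, 0)
        if space <= 0:
            continue
        rates[country] = n * per / space
    return rates


def ranking(metric):
    """Country codes ordered by descending metric, ties broken by name."""
    return [c for c, _ in sorted(metric.items(), key=lambda kv: (-kv[1], kv[0]))]


def compare(feed, address_space, category="malware"):
    """Return (raw ranking, normalized ranking) for one category."""
    counts = raw_counts(parse_feed(feed), category)
    return ranking(counts), ranking(normalized_rates(counts, address_space))


if __name__ == "__main__":
    by_count, by_rate = compare(SAMPLE_FEED, ADDRESS_SPACE)
    print("ranked by raw count:      ", by_count)
    print("ranked by rate per 1M IPs:", by_rate)
```

In the constructed data the order reverses: A leads on raw count because it has the largest address space, while C leads once the counts are normalized, which is the effect the report describes. Country D drops out of the normalized ranking because no denominator is available for it. The choice of denominator matters as much as the numerator: allocated, routed and actually populated address space can differ by an order of magnitude for a given country, so any published rate should state which one was used.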