Today, IBM released the fourth edition of the 2014 IBM X-Force Threat Intelligence Quarterly, which focuses on how the Internet continues to connect more people, places and things, resulting in a new range of security risks. In particular, it takes a closer look at new threats from the Internet of Things (IoT) and the sources of malware and botnet infections.

IoT Transforms Security Landscape

By innovating how we connect, this technology is transforming how security threats are viewed in our lives and in business. Today, it may seem more like a curiosity than a valid business concern. Upon hearing the term “IoT,” many call to mind a circus of devices with esoteric functions, such as Google Glass and the new Apple Watch wearables, or perhaps home automation hardware such as thermostats that are aware of their owners’ presence or refrigerators that post to Facebook when you’re out of milk.

However, in a November 2014 report, analysts estimate that the IoT will represent 30 billion connecting “things” by 2020, growing from 9.9 billion in 2013. These connected “things” are largely driven by intelligent systems collecting and transmitting data. While we are still defining what the IoT is and how it will benefit individuals and enterprises, rest assured that it is a revolution and will take its place among existing emerging technologies such as the cloud, analytics, mobile and social. As with other broad categories of technology such as the cloud or mobile, the IoT can offer productivity and quality-of-life improvements, but it can also drag in its wake a host of unknown security threats. The devices that comprise the broad IoT perform different functions, expose wildly diverse threat surfaces and require security strategies that are specific to each category of device. IBM X-Force has created a model of the IoT that is useful for understanding the security threats at various data flow and control transition points. 

In the past few years, the types of attacks that have been reported across the IoT have been varied, such as the exploitation of Web application vulnerabilities, man-in-the-middle attacks and password attacks. Another important area that is not explored in the report but is important to mention is employees working from home with cable/DSL modems and home routers. When a remote employee’s traffic enters back through the enterprise network, the types of attacks available should be a deep concern for security administrators. This topic was explored in greater depth earlier in the year in an X-Force blog post about remote workers and home security.

Does Developing Secure Software Exclude Hardware Manufacturers?

IBM has cautioned in the past that designing security from the outset and exercising secure development practices is vital to creating secure products. As the “things” that comprise the IoT are developed by multiple manufacturers, this advice becomes more relevant because the consequences affect not just the integrity of data and privacy of the owners of that data, but also the safety of users. To help address the security challenges within the IoT, IBM X-Force recommends that manufacturers do the following:

Reputation Counts: The Sources of Malware and Botnets

This latest report also looks at some findings gleaned from IBM X-Force’s IP Reputation database. IBM X-Force wanted to establish a baseline of the sources of massively distributed malware. It looked at the countries where malicious links are most often hosted and the geographic distribution of botnet command-and-control (C&C) servers.

Download the latest research from IBM X-Force

Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access for the attackers. Those actions all result in stolen data, which the malware reports to its C&C servers. Although the United States hosts the largest number of contaminated IP addresses for both malware and botnet C&C servers, when normalized for addressable IP space, Eastern European countries show the highest infection rates.

More from Threat Research

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…

RansomExx Upgrades to Rust

IBM Security X-Force Threat Researchers have discovered a new variant of the RansomExx ransomware that has been rewritten in the Rust programming language, joining a growing trend of ransomware developers switching to the language. Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the…

Defending Education from Cyber Threat Attackers

Threat actors — and particularly ransomware attackers — have education institutions in their crosshairs. From Vice Society’s September attack on schools in California to Snach’s late October assault on schools in Wisconsin, threat actors are not holding back when it comes to preying on schools. K-12 schools are the most vulnerable within the education industry, with many having only small staffs and even smaller budgets for defending against attacks. In addition, attacks have trickle-down effects on school staff, students and…

What Hurricane Preparedness Can Teach Us About Ransomware

Each year between June and November, many parts of the U.S. become potential targets for hurricanes. In October 2022, we had Hurricane Ian devastate Florida. To prepare for natural disasters like hurricanes, organizations are encouraged to build out and test business continuity, disaster recovery, and crisis management plans to use in the response efforts. Millions of dollars each year are spent on natural disaster preparation, but natural disasters are not the only disruption businesses face. While we can’t equate the…