Today, IBM released the fourth edition of the 2014 IBM X-Force Threat Intelligence Quarterly, which focuses on how the Internet continues to connect more people, places and things, resulting in a new range of security risks. In particular, it takes a closer look at new threats from the Internet of Things (IoT) and the sources of malware and botnet infections.

IoT Transforms Security Landscape

By innovating how we connect, this technology is transforming how security threats are viewed in our lives and in business. Today, it may seem more like a curiosity than a valid business concern. Upon hearing the term “IoT,” many call to mind a circus of devices with esoteric functions, such as Google Glass and the new Apple Watch wearables, or perhaps home automation hardware such as thermostats that are aware of their owners’ presence or refrigerators that post to Facebook when you’re out of milk.

However, in a November 2014 report, analysts estimate that the IoT will represent 30 billion connecting “things” by 2020, growing from 9.9 billion in 2013. These connected “things” are largely driven by intelligent systems collecting and transmitting data. While we are still defining what the IoT is and how it will benefit individuals and enterprises, rest assured that it is a revolution and will take its place among existing emerging technologies such as the cloud, analytics, mobile and social. As with other broad categories of technology such as the cloud or mobile, the IoT can offer productivity and quality-of-life improvements, but it can also drag in its wake a host of unknown security threats. The devices that comprise the broad IoT perform different functions, expose wildly diverse threat surfaces and require security strategies that are specific to each category of device. IBM X-Force has created a model of the IoT that is useful for understanding the security threats at various data flow and control transition points. 

In the past few years, the types of attacks that have been reported across the IoT have been varied, such as the exploitation of Web application vulnerabilities, man-in-the-middle attacks and password attacks. Another important area that is not explored in the report but is important to mention is employees working from home with cable/DSL modems and home routers. When a remote employee’s traffic enters back through the enterprise network, the types of attacks available should be a deep concern for security administrators. This topic was explored in greater depth earlier in the year in an X-Force blog post about remote workers and home security.

Does Developing Secure Software Exclude Hardware Manufacturers?

IBM has cautioned in the past that designing security from the outset and exercising secure development practices is vital to creating secure products. As the “things” that comprise the IoT are developed by multiple manufacturers, this advice becomes more relevant because the consequences affect not just the integrity of data and privacy of the owners of that data, but also the safety of users. To help address the security challenges within the IoT, IBM X-Force recommends that manufacturers do the following:

Reputation Counts: The Sources of Malware and Botnets

This latest report also looks at some findings gleaned from IBM X-Force’s IP Reputation database. IBM X-Force wanted to establish a baseline of the sources of massively distributed malware. It looked at the countries where malicious links are most often hosted and the geographic distribution of botnet command-and-control (C&C) servers.

Download the latest research from IBM X-Force

Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access for the attackers. Those actions all result in stolen data, which the malware reports to its C&C servers. Although the United States hosts the largest number of contaminated IP addresses for both malware and botnet C&C servers, when normalized for addressable IP space, Eastern European countries show the highest infection rates.

More from Threat Research

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Defining the Cobalt Strike Reflective Loader

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises While next-generation AI and machine-learning components of security solutions continue to enhance behavioral-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams since its debut, continues to be heavily signatured by security solutions. To continue Cobalt Strikes operational usage in the past, we on the IBM X-Force…