Operational Security Practices
Operational security practices explores the weaknesses in process, software, and infrastructure targeted by today’s threats. We discuss web application vulnerabilities, publicly available exploits, trends for enterprise software vendors, suggestions for how to run an incident response team, and the impact social media has had on intelligence gathering. Below are a few of the trends in operational security practices we witnessed in 2012. More details are available in the 2012 IBM X-Force Annual Trend and Risk Report.
Web application vulnerabilities grew 14% to 8,168 in 2012, accounting for 43% of all publicly disclosed vulnerabilities. The majority were related to cross-site scripting. We categorize web application vulnerabilities in the following ways:
Few innovations have affected the way the world communicates as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities have occurred. This shift has provided attackers and security professionals alike with a repository of information useful for enhancing their activities.
This ability to focus on an individual drastically shifts the way attackers see enterprises. Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities, and can often contact them directly through social networks. This can allow attackers to bypass enterprise email security countermeasures, and if a user is accessing work email at home, it may also allow them to completely bypass perimeter security.
Much more on these topics, including vulnerability disclosures, specific vulnerability issues for Content Management Systems, and recommendations for running an emergency response center, can be found in the 2012 IBM X-Force Annual Trend and Risk Report.