IBM Security has launched the X-Force Red Lab network, four cybersecurity facilities focused on testing systems and devices used for IoT, automotive, and automated teller (ATM) machines.
X-Force Red, IBM’s internal white-hat hacking team, will use the labs to test for security weaknesses in devices and software both in pre-release and after deployment. The labs will form a global network of cybersecurity specialists, with locations in Austin, Texas, Atlanta, Georgia, Hursley, England and Melbourne, Australia.
The cybersecurity team is also launching a dedicated ATM security testing practice, as the result of an increase in threats to ATMs worldwide.
A report by the European Association for Secure Transactions (EAST) said that ATM attacks rose by 231% in 2017 over 2016, and the trend is expected to continue. ATM attacks can take the form of a physical attack, malware, or ‘logical attacks’, often involving a black box attached to the ATM to override the device.
According to IBM, in the last year alone, requests for ATM testing by X-Force Red have increased by 300%. At the new facilities, cybersecurity experts will offer comprehensive evaluation of ATM devices, networks, and applications; attacker-minded-testing, and vulnerability remediation recommendations. They will also review ATM processes and practices to ensure organizations comply with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
Charles Henderson, Global MP for IBM X-Force Red, noted that the controlled environment of a cybersecurity lab provides the team with the ability to identify and fix vulnerabilities before they are exploited. “IBM X-Force Red has one mission – hack anything to secure everything,” he said. “Via X-Force Red Labs, we have the ability to do just that.”
The IBM X-Force Red team of veteran hackers has doubled in size over the past year – both in number of employees, and in the client base, which has reportedly increased by 170%.
Security testing by X-Force Red provides customers with vulnerability identification, recommendation and remediation both for products in development, and those that have already been deployed. The team can assist with documenting product requirements, analyzing design documentation and risk management, threat modeling, and penetrating testing.
IBM provides updates on X-Force Red, and topics related to cybersecurity, on a weekly podcast on the IBM website called, “X-Force Red in Action.”