The Malware Threat Landscape for Power Systems
This webinar addresses the persistent myth that IBM Power systems and IBM i servers are immune to malware threats. Security expert Sandi Moore presents compelling evidence that ransomware and malware attacks are not only possible but increasingly common on Power platforms. The session opens with sobering statistics: 3.4 billion malicious emails sent daily, 255 billion phishing attacks in 2022, and an average of 22 days of downtime following ransomware incidents. Moore emphasizes that Power systems, particularly IBM i with its Integrated File System (IFS), can act as 'typhoid carriers' — hosting infected files without showing symptoms while spreading malware to connected Windows clients. Real-world case studies demonstrate the severity of these attacks, including one customer who suffered 500,000 encrypted files and 248,000 copies of ransomware dropped across their IFS, resulting in two to three weeks of recovery time.
Security Vulnerabilities in IBM i Environments
The presentation identifies critical security weaknesses that make Power systems vulnerable to malware attacks. The root directory on IBM i ships with public *ALL authority, creating an immediate exposure point. Many organizations compound this risk by sharing the root directory over the network and allowing users with *ALLOBJ authority to map drives, a configuration that enables ransomware to encrypt the entire IFS. Moore explains that malware doesn't have its own permissions; it operates with whatever authority the compromised user possesses. Services like FTP and HTTP that auto-start after IPL create unnecessary attack surfaces, especially when they use insecure protocols that transmit credentials in clear text. The session also addresses the false sense of security created by Windows-based scanning tools: scanning the IFS from a Windows client requires exactly the security vulnerabilities (a root share and a high-authority user) that should be eliminated.
Defense Strategies and Native Protection
Moore outlines a comprehensive malware defense strategy centered on native virus scanning and layered security controls. Key recommendations include implementing least-privilege access, eliminating root directory shares, restricting service access on a per-user basis, and maintaining current security patches across all connected devices. The presentation emphasizes that regulatory frameworks like HIPAA and the Gramm-Leach-Bliley Act explicitly require protection against 'reasonably anticipated threats', a standard that clearly encompasses malware given current attack statistics. Fortra's PowerTech Antivirus solution is positioned as the answer to native scanning requirements, offering both back-scanning and on-access scanning powered by Trellix (formerly McAfee) technology. The tool includes enhanced ransomware protection that monitors access patterns from Windows workstations and can block attacks in real time, as demonstrated by a recent customer case where an infected workstation was automatically cut off before widespread damage occurred.
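The weaknesses listed under "Security Vulnerabilities in IBM i Environments" (public *ALL on the root directory, root shares, *ALLOBJ users mapping drives, auto-started clear-text services) and the hardening steps listed above map onto a short audit-then-harden script. The following is an added example, not material from the webinar, from Fortra or from IBM; it assumes IBM i 7.3 or later with the QSYS2 "IBM i Services" views available, run from ACS Run SQL Scripts by a profile holding *ALLOBJ and *SECADM. CL commands are issued through the QSYS2.QCMDEXC procedure so the whole review lives in one script; the IFS_OBJECT_PRIVILEGES table function is assumed to be present (it arrived in later Technology Refreshes), and DSPAUT OBJ('/') from a 5250 session shows the same information if it is not.

```sql
-- Added example (not from the webinar, Fortra or IBM): audit and harden the
-- IFS weaknesses the session describes.  Assumes IBM i 7.3+ with the QSYS2
-- IBM i Services views, run by a profile with *ALLOBJ and *SECADM.

-- 1. Root directory authority.  A default install gives *PUBLIC *RWX data
--    authority plus every object authority on '/', i.e. "public *ALL".
--    (IFS_OBJECT_PRIVILEGES assumed available; DSPAUT OBJ('/') is the
--    5250 equivalent.)  Look at the DATA_AUTHORITY row for *PUBLIC.
SELECT * FROM TABLE(QSYS2.IFS_OBJECT_PRIVILEGES(PATH_NAME => '/'));

-- 2. Harden it.  *RX still lets users traverse into their own directories;
--    nothing legitimately creates objects in '/' itself, so write access and
--    the object authorities go.  Re-run step 1 afterwards to confirm.
CALL QSYS2.QCMDEXC('CHGAUT OBJ(''/'') USER(*PUBLIC) DTAAUT(*RX) OBJAUT(*NONE)');

-- 3. NetServer shares.  A file share whose path is '/' hands every mapped
--    Windows drive the whole IFS, which is exactly the exposure ransomware
--    encrypts through.  The result should be empty.
SELECT SERVER_SHARE_NAME, PATH_NAME, PERMISSIONS
  FROM QSYS2.SERVER_SHARE_INFO
 WHERE SHARE_TYPE = 'FILE'
   AND (PATH_NAME = '/' OR PATH_NAME LIKE '/QSYS.LIB%');
-- Remove any root share found (IBM Navigator for i, or the QZLSRMVS API) and
-- replace it with read-only shares of the specific application directories
-- users actually need.

-- 4. Profiles that could map such a share with *ALLOBJ.  Malware runs with
--    the authority of the user it compromises, so each enabled *ALLOBJ
--    profile with a Windows desktop behind it is a full-IFS risk.
SELECT AUTHORIZATION_NAME, STATUS, SPECIAL_AUTHORITIES, PREVIOUS_SIGNON
  FROM QSYS2.USER_INFO
 WHERE SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
   AND STATUS = '*ENABLED'
 ORDER BY AUTHORIZATION_NAME;
-- Expect a handful of administrators; anything else is a candidate for
-- CHGUSRPRF with *ALLOBJ dropped from SPCAUT and object-level authority
-- granted instead (least privilege).

-- 5. Services listening after IPL.  FTP and Telnet send credentials in
--    clear text; if a service is not needed, stop it auto-starting.  What
--    stays on should be limited per user with function usage (CHGFCNUSG)
--    or exit programs rather than left open to every profile.
SELECT LOCAL_PORT, LOCAL_PORT_NAME, TCP_STATE
  FROM QSYS2.NETSTAT_INFO
 WHERE TCP_STATE = 'LISTEN'
 ORDER BY LOCAL_PORT;
CALL QSYS2.QCMDEXC('CHGFTPA AUTOSTART(*NO)');
CALL QSYS2.QCMDEXC('CHGTELNA AUTOSTART(*NO)');
CALL QSYS2.QCMDEXC('CHGHTTPA AUTOSTART(*NO)');
```

Run the SELECT statements first and keep their output as the "before" record; the three CALL statements change attributes immediately, while the AUTOSTART changes take effect at the next IPL (use ENDTCPSVR to stop a running server now). Steps 1 to 4 are also the preconditions a Windows-based scanner depends on, which is why the session recommends native scanning: once the root share and the *ALLOBJ mapping user are gone, a scanner running on the Windows side has nothing left to read.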