IBM recently released results from its annual 2009 X-Force Trend
and Risk Report. The report's findings show that existing threats
such as phishing and document format vulnerabilities have continued
to expand, even as clients have generally made strides to improve
security.
The X-Force report reveals three main threats that demonstrate how
in 2009 attackers increasingly targeted people using the Internet
for monetary gain or data theft. The appearance of new malicious
Web links has skyrocketed globally in the past year. Phishing
attacks or sending email that falsely claims to be from a
legitimate organization, also increased dramatically in the second
half of 2009. It surpassed the monthly volume seen in 2008, with
activity coming from countries that had not previously been in the
game.
Vulnerability disclosures for document readers and editors also
continued to soar. Of the two predominant types of document
vulnerabilities - office documents including spreadsheets and
presentations and Portable Document Format (PDF) documents - the
latter has continued to dominate the charts.
“Despite the ever-changing threat landscape, this report
indicates that overall, vendors are doing a better job responding
to security vulnerabilities,” said Chandrasekhar
Balasubramanian, Country Manager – Infrastructure Risk
Management Services, IBM India/South Asia. “However,
attackers have clearly not been deterred, as the use of malicious
exploit code in Web sites is expanding at a dramatic
rate.”
The 2009 X-Force Trends and Risk Report also finds that:
• Vulnerabilities have decreased. Overall, 6,601 new
vulnerabilities were discovered in 2009, an 11 percent decrease
over 2008. The report indicates declines in the largest categories
of vulnerabilities such as SQL Injection, in which criminals inject
malicious code into legitimate Web sites, and ActiveX controls, or
small programs used on the Internet to help with tasks, may
indicate some of the more easily discovered vulnerabilities in
these classes have been eliminated and security is improving.
• Critical and high vulnerabilities with no patch have
decreased significantly year-over-year in several key product
categories. Vulnerabilities with Web browsers and document readers
and editors have decreased, which indicates that software vendors
have become more responsive to security issues.
• Vulnerability disclosures for document readers and editors
and multimedia applications are climbing dramatically. 2009 saw
more than 50 percent more vulnerability disclosures for these
categories versus 2008.
• New malicious Web links have skyrocketed globally. The
number has increased by 345 percent compared to 2008. This trend is
further proof that attackers are successful at both the hosting of
malicious Web pages and that Web browser-related vulnerabilities a
exploitation are netting a serious return.
• Web App vulnerabilities continue to be the largest category
of security disclosures - The number of Web application
vulnerabilities found by organizations has not decreased or become
less of a threat 49 percent of all vulnerabilities are related to
Web applications, with cross-site scripting disclosures surpassing
SQL injection to take the top spot. 67 percent of web application
vulnerabilities had no patch available at the end of 2009.
• Attacks on the Web using obfuscation increased
significantly. Often launched using automated exploit toolkits,
many attacks use obfuscation - an attempt to hide these exploits in
documents and Web pages - to avoid detection by security software.
IBM Managed Security Services detected three to four times the
number of obfuscated attacks in 2009 versus 2008.
• Phishing is still focused on the financial industry. While
some phishing scams target logins and passwords, others attempt to
entice victims into entering detailed personal information by
posing as government institutions. By industry, 61 percent of
phishing emails purport to be sent by financial
institutions, whereas 20 percent purport to come
from government organizations.
“One cause for concern is the rise in the use of exploits
targeting document readers,” said Chandra. “While
vendors appear to respond more effectively with patches for
document reader and editor vulnerabilities, it is apparent based on
the level of exploitation that is still occurring that computer
users may not be vigilant at installing the patches that are
available.”
"Disclaimer Note: "InformationWeek India and UBM India do not endorse, and have not verified the views and claims expressed in this vendor Press Release."