Cybersecurity vulnerabilities in key corporate tools such as Web apps, JavaScript and PDFs are increasing dramatically, having reached record levels for the first half of 2010, according to security watchers on IBM's X-Force research and development team.
Overall, 4,396 new vulnerabilities were documented by the X-Force in the first half of 2010, a 36% increase over the same time period last year. Over half, 55%, of all these disclosed vulnerabilities had no vendor-supplied patch at the end of the period, according to the X-Force's Mid-Year Trend and Risk Report.
The X-Force details a number of problematic trends. From the report:
- Web application vulnerabilities continue to be the largest category of vulnerability disclosures. While Web application vulnerabilities continue to climb at a steady rate, these figures may only represent the tip of the iceberg of total Web application vulnerabilities that exist, as they do not include custom-developed Web applications which can also introduce vulnerabilities.
- PDF exploits continue to soar as attackers trick users in new ways -- X-Force started observing widespread use of PDF-based exploits during the first half of 2009. Since then, it has captured three of the top five slots for browser exploits used in the wild. The most significant jump associated with PDF attacks in 2010 occurred in April, when IBM Managed Security Services detected almost 37% more attack activity than the average for the first half of 2010. This spike coincided with a widespread spam campaign in which malicious PDF attachments were used to spread the Zeus and Pushdo botnets, some of the most insidious threats on the Internet today.
- Phishing activity declined significantly, but financial institutions remain the top target -- Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82%. Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49% of all phishing emails, while credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets.
Follow Michael Cooney on Twitter: nwwlayer8