Skip Links

IBM: Cybersecurity problems are hitting record levels

IBM’s X-Force says first half of 2010 had 36% increase in new vulnerabilities over 2009

By Layer 8 on Wed, 08/25/10 - 4:02pm.

Cybersecurity vulnerabilities in key corporate tools such as Web apps, JavaScriot, PDFs, are increasing dramatically, having reached record levels for the first half of 2010, according to security watchers on IBM's X-Force research and development team.

Overall, 4,396 new vulnerabilities were documented by the X-Force in the first half of 2010, a 36% increase over the same time period last year. Over half, 55%, of all these disclosed vulnerabilities had no vendor-supplied patch at the end of the period, according to the X Force's Mid-Year Trend and Risk Report.

Who really sets global cybersecurity standards?

Web application vulnerabilities continued to be the leading threat, accounting for more than half of all public disclosures, while covert attacks increased in complexity hidden within JavaScript and Portable Document Formats (PDFs) also are on the rise, IBM stated.

 The X-Force details a number of problematic trends.  From the report:

  • Web application vulnerabilities continue to be the largest category of vulnerability disclosures. While Web application vulnerabilities continue to climb at a steady rate, these figures may only represent the tip of the iceberg of total Web application vulnerabilities that exist, as they do not include custom-developed Web applications which can also introduce vulnerabilities.
  • Covert, hidden attack methods grew in frequency and complexity, especially involving JavaScript -- Enterprises are fighting increasingly sophisticated attacks on their computer networks, including Advanced Persistent Threats. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools. JavaScript obfuscation is a particularly popular technique used by all classes of computer criminals to hide their exploits within document files and Web pages. IBM detected a 52% increase in obfuscated attacks during the first half of 2010 versus the same period in 2009.
  • PDF exploits continue to soar as attackers trick users in new ways -- X-Force started observing widespread use of PDF-based exploits during the first half of 2009. Since then, it has captured three of the top five slots for browser exploits used in the wild. The most significant jump associated with PDF attacks in 2010 occurred in April, when IBM Managed Security Services detected almost 37 % more attack activity than the average for the first half of 2010. This spike coincided with a widespread spam campaign in which malicious PDF attachments were used to spread the Zeus and Pushdo botnets, some of the most insidious threats on the Internet today.
  • Phishing activity declined significantly, but financial institutions remain the top target -- Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82%. Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49% of all phishing emails, while credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets.

 

Follow Michael Cooney on Twitter: nwwlayer8  

 

Layer 8 Extra

Check out these other hot stories:

Recovery Act has bolstered energy technology, VP Biden says

Nasty auto robocaller forced to pay $2.3M, sell Mercedes

Astronomers spot largest collection of planets orbiting sun-like star

Open source tools at heart of DARPA's virtual satellite network

Philadelphia not showing any brotherly blogger love: City wants $300 license fee

Tool takes aim at ad attacks

NASA universe-watching satellite losing its cool

Group wants to protect privacy as electronic toll systems grow

Do we need a Federal law for electronics recycling?

NASA's head techie seeks brightest systems engineers of the future

FTC busts domain name scammers

NASA wants small robots to land on the Moon

NASA goes after lighting storms on Earth