IBM X-Force Report Reveals Phishing, Document-Related Threats Rising Dramatically
February 2010 by IBM X-Force Security
IBM released results from its annual IBM X-Force 2009 Trend and Risk Report. The report’s findings show that existing threats such as phishing and document format vulnerabilities have continued to expand, even as clients have generally made strides to improve security.
The IBM X-Force(R) Report reveals three main threats that demonstrate how attackers increasingly targeted people using the Internet for monetary gain or data theft. The number of new malicious Web links has skyrocketed globally in the past year. Phishing activity, in which an attacker attempts to acquire sensitive information by masquerading as a legitimate organization, also increased dramatically in the second half of 2009. Vulnerability disclosures for document readers and editors continued to soar, specifically with Portable Document Format (PDF) documents.
The IBM X-Force(R) 2009 Trend and Risk Report also finds that:
· New Vulnerabilities have decreased but are still at record levels.
Overall, 6,601 new vulnerabilities were discovered in 2009, an 11 percent decrease over 2008. The report indicates declines in the largest categories of vulnerabilities such as SQL Injection, in which criminals inject malicious code into legitimate Web sites, and ActiveX, an Internet Explorer plug-in to help with tasks, may indicate some of the more easily discovered vulnerabilities in these classes have been eliminated and security is improving.
· Critical and high vulnerabilities with no patch have decreased significantly year-over-year in several key product categories.
Vulnerabilities with Web browsers and document readers and editors with no patch have decreased, which indicates that software vendors have become more responsive to security issues.
· Vulnerability disclosures for document readers and editors and multimedia applications are climbing dramatically.
2009 saw more than 50 percent more vulnerability disclosures for these categories versus 2008.
· New malicious Web links have skyrocketed globally.
The number has increased by 345 percent compared to 2008. This trend is further proof that attackers are successful at both the hosting of malicious Web pages and that Web browser-related vulnerabilities and exploitation are likely netting a serious return.
· Web App vulnerabilities continue to be the largest category of security disclosures.
The number of Web application vulnerabilities found by organizations has not decreased or become less of a threat. Forty-nine percent of all vulnerabilities are related to Web applications, with cross-site scripting disclosures surpassing SQL injection to take the top spot. Sixty-seven percent of web application vulnerabilities had no patch available at the end of 2009.
· Attacks on the Web using obfuscation increased significantly.
Often launched using automated exploit toolkits, many attacks use obfuscation - an attempt to hide these exploits in documents and Web pages - to avoid detection by security software. IBM Managed Security Services detected three to four times the number of obfuscated attacks in 2009 versus 2008.
· Phishing rates dipped mid-year but rose dramatically in the last half of 2009.
Brazil, USA and Russia were the countries where most malicious attacks originated, supplanting Spain, Italy and South Korea at the top in the 2008 report.
· Phishing still takes advantage of the financial industry to target consumers.
While some phishing scams target logins and passwords, others attempt to entice victims into entering detailed personal information by posing as government institutions. By industry, 61 percent of phishing emails purport to be sent by financial institutions, whereas 20 percent purport to come from government organizations.
“Despite the ever-changing threat landscape, this report indicates that overall, vendors are doing a better job responding to security vulnerabilities,” said Tom Cross, manager of IBM X-Force Research. “However, attackers have clearly not been deterred, as the use of malicious exploit code in Web sites is expanding at a dramatic rate.”
The IBM X-Force® research and development team has been cataloguing, analyzing and researching vulnerability disclosures since 1997. With more than 48,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.
“IBM continues to invest in strategic research like this report to create value for our clients and the security industry,” said Al Zollar, general manager, Tivoli Software, IBM Software Group. “With insight from our X-Force research team, along with our professional and managed services offerings, we can help enable the most secure IT infrastructure while meeting clients’ risk, governance and compliance requirements.”
IBM is one of the world’s leading providers of risk and security solutions. Through product offerings, professional security services and managed security services, IBM provides ultimate flexibility and breadth of solutions as a trusted security partner. Clients around the world team with IBM to help reduce the complexities of security and strategically manage risk. The IBM experience and range of risk and security solutions — from dedicated research, software, hardware, services and global Business Partner relationships — are unsurpassed, helping clients secure business operations and implement company-wide, integrated risk management programs.