Defence In Depth

If you are looking for a free, fast and no non-sense IP scanner for your network (or someone else’s ) you should really give angry IP scanner a try!

It is supported on Windows, Linux and Mac platform and above all its released under open source license, it is not the best port/IP scanner but it solves your purpose.

Link: http://www.angryip.org/w/Home

- Sumit

IBM has been releasing the quarterly reports about current threat trends in information security from some time now.

They have already released their mid-year report which could be found at: http://www-935.ibm.com/services/us/iss/xforce/trendreports/

I have read the 2008 annual reports and this report represents many trend differences as compared to it.

Some of the highlights are: -

• More use of organized crime for financial gains. Economical gain is still the number 1 cause for all security threats and attackers are keeping ROI in mind while developing attacks.
• Political/Military gains motivated attacks have also accelerated with time.
• Design of malware has changed with time and attackers are using newer ways to pentrate into systems.
• Attacker are selling vulnerable systems to other criminal organizations by displaying the reliability of their deployed mechanisms.
• Vulnerabilities in terms of CVSS score are high with 30%, medium with 62%, low at 7% and low at 1%
• Gain access, data manipulation and denial of services are still top 3 vulnerability consequences.
• Apple reaches number 1 sport and Sun no 2 in terms of disclosed vulnerabilities
• MS still has no 1 ranking in high vulnerabilities
• Nearly 49% of all the vulnerabilities disclosed in first half of 2009 had no remedies provided by the vendor.
• Web application is still the top concern and is a very under-rated problem
• Of all the vulnerabilities disclosed in 2009 50.4% were related to web based applications
• Cross-site scripting and sql injections are still no. 1 form of web application attacks
• 90% of injection attacks are attributed to sql injections. They are being carried out by automated scripts
• SQL injection attacks have grown by 50% as compared to Q4 2008 and have doubled in Q2 vs Q1 2009
• Largest number of client-side vulnerabilities exist in browser and their plugins.
• .pdf files are becoming popular methods of attack because users trust these more than .exe files. In fact pdf files have surpassed office applications in terms of document related vulnerabilities.
• There has been increase in number of anonymous proxy websites and obfuscated web pages and files.
• Phishing is down 80% as compared to 2008 report.
• Trojans are up 9% and have really grown in sophistication
• Infostealer and downloader are  the top trojans for 2009 so far
• Hackers continue to take advantage of scareware and trick end users to install fake security software which are malware in reality.
• Spam is up 40% than 2008, majority being URL based with a life span of 1 week or less. Top 10 popular subject to 38% of all phishing emails
• Hackers have increased the use of trusted domains with catchy subject lines to attract users.
• HTML based spam has dominated where as image based has declined since 2008
• Majority of spam urls last 7 days or less
• Spam origins from Brazil and India has increased after Q4 2008
• Financial institutions remain top target of phishing at 66.3% followed by Online payments at 31.4%

I would recommend to read the full report since it provides much more information and will help security professionals to change their focus towards new trends.

– Sumit

Welcome to Defence in Depth!

This is my first blog, i hope i will be able to keep up with the posts here!

I am a fan of multi-layered security model when it comes to Information Security and i hope to share my learnings with you

Thanks for stopping by.

Sumit