Archive

Archive for the ‘Reports’ Category

IBM X-force Threat Trends Review 2009

September 10th, 2009 Sumit No comments

IBM has been releasing the quarterly reports about current threat trends in information security from some time now.

They have already released their mid-year report which could be found at: http://www-935.ibm.com/services/us/iss/xforce/trendreports/

I have read the 2008 annual reports and this report represents many trend differences as compared to it.

Some of the highlights are: -

  • More use of organized crime for financial gains. Economical gain is still the number 1 cause for all security threats and attackers are keeping ROI in mind while developing attacks.
  • Political/Military gains motivated attacks have also accelerated with time.
  • Design of malware has changed with time and attackers are using newer ways to pentrate into systems.
  • Attacker are selling vulnerable systems to other criminal organizations by displaying the reliability of their deployed mechanisms.
  • Vulnerabilities in terms of CVSS score are high with 30%, medium with 62%, low at 7% and low at 1%
  • Gain access, data manipulation and denial of services are still top 3 vulnerability consequences.
  • Apple reaches number 1 sport and Sun no 2 in terms of disclosed vulnerabilities
  • MS still has no 1 ranking in high vulnerabilities
  • Nearly 49% of all the vulnerabilities disclosed in first half of 2009 had no remedies provided by the vendor.
  • Web application is still the top concern and is a very under-rated problem
  • Of all the vulnerabilities disclosed in 2009 50.4% were related to web based applications
  • Cross-site scripting and sql injections are still no. 1 form of web application attacks
  • 90% of injection attacks are attributed to sql injections. They are being carried out by automated scripts
  • SQL injection attacks have grown by 50% as compared to Q4 2008 and have doubled in Q2 vs Q1 2009
  • Largest number of client-side vulnerabilities exist in browser and their plugins.
  • .pdf files are becoming popular methods of attack because users trust these more than .exe files. In fact pdf files have surpassed office applications in terms of document related vulnerabilities.
  • There has been increase in number of anonymous proxy websites and obfuscated web pages and files.
  • Phishing is down 80% as compared to 2008 report.
  • Trojans are up 9% and have really grown in sophistication
  • Infostealer and downloader areĀ  the top trojans for 2009 so far
  • Hackers continue to take advantage of scareware and trick end users to install fake security software which are malware in reality.
  • Spam is up 40% than 2008, majority being URL based with a life span of 1 week or less. Top 10 popular subject to 38% of all phishing emails
  • Hackers have increased the use of trusted domains with catchy subject lines to attract users.
  • HTML based spam has dominated where as image based has declined since 2008
  • Majority of spam urls last 7 days or less
  • Spam origins from Brazil and India has increased after Q4 2008
  • Financial institutions remain top target of phishing at 66.3% followed by Online payments at 31.4%

I would recommend to read the full report since it provides much more information and will help security professionals to change their focus towards new trends.

– Sumit

Categories: Reports, Security Tags: