Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, July 30, 2008

X-Force® 2008 Trend Statistics

The IBM Internet Security Systems X-Force® research and development team discovers, analyzes, monitors and records a wide array of computer security threats and vulnerabilities.  The implications of these trends provide a useful backdrop in preparing to enhance information security for the remainder of 2008 and beyond.  The overall number of vulnerabilities continued to rise as did the overall percentage of high risk vulnerabilities.  Web-based vulnerabilities and threats continue to increase: Over the past few years, the focus of endpoint exploitation has dramatically shifted from the operating system to the Web browser and multimedia applications.

-- Vulnerabilities affecting Web server applications are climbing and so are the attacks, both evidenced by newcomers to the most vulnerable vendor list and this year’s automated SQL injection attacks.

-- Although standard Web browsers are becoming more secure, attackers continue to rely on automated toolkits, obfuscation, and the prevalence of unpatched browsers and plug-ins to successfully gain hold of new endpoint victims.

-- In the first half of 2008, 94 percent of public exploits affecting Web browserrelated vulnerabilities were released on the same day as the disclosure.

· Independent researchers are almost twice as likely to have exploit code published on the same day as their vulnerability disclosure in comparison to research organizations.

· Although virtual machine breakout vulnerabilities tend to get a lot of attention from the press, they are rare and predominantly target x86 platforms and Type II (virtualization solutions that require a host operating system).

· “Complex” spam (spam that uses images, PDFs, or complex text/HTML) is on the decline and a simpler type of spam is taking its place.

· This simpler spam relies on Web links and short text messages inside spam e-mails, which may be more difficult for some antispam technologies to detect.

· For the first half of 2008, a password stealer family that targets online games is in first place on the top ten malware list, and, in the password stealer category, gamerelated malware takes 50 percent of the top ten spots overall.

http://www-935.ibm.com/services/us/iss/xforce/midyearreport/xforce-midyear-report-2008.pdf

Posted on 07/30
Statistics • (0) CommentsPermalink