Channels ▼

Jonathan Erickson

Dr. Dobb's Bloggers

Annual Security Report Released: Threats On the Rise

February 28, 2010

 IBM has released its annual X-Force Trend and Risk Report and, if you're a bit paranoid about computer security, the news isn't good. And if you aren't paranoid about security, well maybe you should be.

 According to the report, existing threats such as phishing and document format vulnerabilities have continued to expand, stumping security experts in the process.

The X-Force Report reveals three main threats:

  • The number of new malicious web links has skyrocketed globally in the past year.
  • Phishing activity, in which an attacker attempts to acquire sensitive information by masquerading as a legitimate organization, also increased dramatically in the second half of 2009.
  • Vulnerability disclosures for document readers and editors continued to soar, specifically with PDF documents. 

The report goes on to say in more details that:

  • Overall, 6,601 new vulnerabilities were discovered in 2009, an 11% decrease over 2008. The report indicates declines in the largest categories of vulnerabilities such as SQL Injection (in which criminals inject malicious code into legitimate websites) and ActiveX (an Internet Explorer plug-in to help with tasks) may indicate some of the more easily discovered vulnerabilities in these classes have been eliminated and security is improving.
  • Vulnerabilities with web browsers and document readers and editors with no patch have decreased, which indicates that software vendors have become more responsive to security issues.
  • 2009 saw more than 50% more vulnerability disclosures for document readers and editors and multimedia applications versus 2008.
  • New malicious Web links have increased by 345 percent compared to 2008.
  • The number of web application vulnerabilities found by organizations has not decreased or become less of a threat. 49% of all vulnerabilities are related to web applications, with cross-site scripting disclosures surpassing SQL injection to take the top spot. 67% of web application vulnerabilities had no patch available at the end of 2009.
  • Phishing rates dipped mid-year, but rose dramatically in the last half of 2009. Brazil, the U.S, and Russia were the countries where most malicious attacks originated, supplanting Spain, Italy, and South Korea at the top in the 2008 report.
  • 61% of phishing emails purport to be sent by financial institutions, whereas 20% purport to come from government organizations.

 

Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 


Video