X-Force 2009 Mid-Year Security Report Released



IBM has released results from its X-Force 2009 Mid-Year Trend and Risk Report. According to the report, there has been a 508% increase in the number of new malicious Web links discovered in the first half of 2009. This problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access to and manipulate data remains the primary consequence of vulnerability exploitation.

The X-Force report also reveals that the level of veiled Web exploits, especially PDF files, is at an all-time high, pointing to increased sophistication of attackers. PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.

"The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted," said X-Force Director Kris Lamb. "There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."

Web security is no longer just a browser or client-side issue; criminals are leveraging insecure Web applications to target the users of legitimate Web sites. The X-Force report found a significant rise in Web application attacks with the intent to steal and manipulate data and take command and control of infected computers. For example, SQL injection attacks -- attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors -- rose 50% from Q4 2008 to Q1 2009 and then nearly doubled from Q1 to Q2.

"Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks," Lamb said. "The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users."

The 2009 Midyear X-Force report also finds that:

  • Vulnerabilities have reached a plateau. There were 3,240 new vulnerabilities discovered in the first half of 2009, an 8% decrease over the first half of 2008. The rate of vulnerability disclosures in the past few years appears to have reached a high plateau. In 2007, the vulnerability count dropped for the first time, but then in 2008 there was a new record high. The annual disclosure rate appears to be fluctuating between six and seven thousand new disclosures each year.
  • PDF vulnerabilities have increased. PDF vulnerabilities disclosed in the first half of 2009 already surpassed disclosures from all of 2008.
  • Trojans account for more than half of all new malware. Continuing the recent trend, in the first half of 2009, Trojans comprised 55% of all new malware, a 9% increase over the first half of 2008. Information-stealing Trojans are the most prevalent malware category.
  • Phishing has decreased dramatically. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. In the first half of 2009, 66% of phishing was targeted at the financial industry, down from 90% in 2008. Online payment targets make up 31% of the share.
  • URL spam is still number one, but image-based spam is making a comeback. After nearing extinction in 2008, image-based spam made a comeback in the first half of 2009, yet it still makes up less than 10% of all spam.
  • Nearly half of all vulnerabilities remain unpatched. Similar to the end of 2008, nearly half (49%) of all vulnerabilities disclosed in the first half of 2009 had no vendor-supplied patch at the end of the period.

The X-Force research team has been cataloguing, analyzing and researching vulnerability disclosures since 1997. With more than 43,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.

