IBM said it found surprising improvements in Internet security such as a reduction in application security vulnerabilities, exploit code and spam, but it also noted that those improvements come with a price: Attackers have been forced to rethink their tactics.
IBM’s security group, X-Force, released its 2011 Trend and Risk Report which surveys some 4,000 customers, and the report showed the following:
- Spam out: a 50% decline in spam email compared to 2010.
- Better patching: Only 36% of software vulnerabilities remaining unpatched in 2011 compared to 43% in 2010. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years.
- Higher quality of software application code: Web-application vulnerabilities called cross-site scripting (XSS) are half as likely to exist in clients’ software as they were four years ago, IBM stated. However, XSS vulnerabilities still appear in about 40% of the applications IBM scans.
- Fewer exploits: When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30% fewer exploits were released in 2011 than were seen on average over the past four years.
Of course there is a dark side. These are new security problem trends IBM reported:
- Shell command injection vulnerabilities more than doubled: For years, SQL injection attacks against Web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities — the number of SQL injection vulnerabilities in publicly maintained Web applications dropped by 46% in 2011– some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a Web server. Shell command injection attacks rose by two to three times over the course of 2011.
- Automated password guessing: Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the ‘Net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers in the latter half of 2011.
- Increase in phishing attacks that impersonate social networking sites and mail parcel services: The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven’t been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to Web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.
Read more ……