Wed, 09/23/2009 - 20:11
IBM REPORT SHOWS WEB INSECURITY
KUALA LUMPUR, Sept 23 (Bernama) -- Results from IBM's X-Force 2009 Mid-Year Trend and Risk Report reveal an unprecedented state of Web insecurity as Web client, server and content threats converge to create an untenable risk landscape.
The report said there has been a 508 per cent increase in the number of new
malicious Web links discovered in the first half of 2009, said IBM in a
statement.
This problem is no longer limited to malicious domains or untrusted Web
sites, it said.
The X-Force report notes an increase in the presence of malicious content on
trusted sites including popular search engines, blogs, bulletin boards, personal
Web sites, online magazines and mainstream news sites, it said.
The ability to gain access and manipulate data remains the primary
consequence of vulnerability exploitations.
"The trends highlighted in the report seem to indicate that the Internet
has finally taken on the characteristics of the Wild West where no one is to be
trusted," said X-Force Director Kris Lamb.
"There is no such thing as safe browsing today and it is no longer the case
that only the red light district sites are responsible for malware. We've
reached a tipping point where every Web site should be viewed as suspicious and
every user is at risk.
"The threat convergence of the Web ecosystem is creating a perfect storm of
criminal activity," said Lamb.
IBM said Web security is no longer just a browser or client-side issue;
criminals are leveraging insecure Web applications to target the users of
legitimate Web sites.
The X-Force report found a significant rise in Web application attacks with
the intent to steal and manipulate data and take command and control of infected
computers.
Two of the major themes for the first half of 2009 are the increase in
sites hosting malware and the doubling of obfuscated Web attacks.
"The trends seem to reveal a fundamental security weakness in the Web
ecosystem where interoperability between browsers, plugins, content and server
applications dramatically increases the complexity and risk.
"Criminals are taking advantage of the fact that there is no such thing as
a safe browsing environment and are leveraging insecure Web applications to
target legitimate Web site users," Lamb said.
The 2009 Midyear X-Force report also finds that vulnerabilities have reached
a plateau.
There were 3,240 new vulnerabilities discovered in the first half of 2009,
an eight per cent drop over the first half of 2008.
The rate of vulnerability disclosures in the past few years appears to have
reached a high plateau, it said.
In 2007, the vulnerability count dropped for the first time, but then in
2008 there was a new record high, it said.
The annual disclosure rate appears to be fluctuating between six and seven
thousand new disclosures each year, it said.
Portable Document Format vulnerabilities disclosed in the first half of 2009
already surpassed disclosures from all of 2008, said IBM.
Trojans account for more than half of all new malware, it said.
Continuing the recent trend in the first half of 2009, Trojans comprised 55
per cent of all new malware, a nine per cent increase over the first half of
2008, it said.
Information-stealing Trojans are the most prevalent malware category but
phishing has dwindled dramatically.
Analysts believe banking Trojans are taking the place of phishing attacks
geared towards financial targets, it said.
In the first half of 2009, 66 per cent of phishing was targeted at the
financial industry, down from 90 per cent in 2008, it said.
Online payment targets make up 31 per cent of the share, it said.
It said URL spam is still number one but image-based spam is making a
comeback.
After nearing extinction in 2008, image-based spam made a comeback in the
first half of 2009, yet it still makes up less than 10 per cent of all spam, it
said.
Similar to the end of 2008, nearly half (49 per cent) of all vulnerabilities
disclosed in the first half of 2009 had no vendor-supplied patch at the end of
the period, it said.
The X-Force research team has been cataloguing, analysing and researching
vulnerability disclosures since 1997, it said.
With more than 43,000 security vulnerabilities catalogued, IBM said it has
the largest vulnerability database in the world.
IBM is one of the world's leading providers of risk and security solutions.
-- BERNAMA