• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM X-Force Says For-Profit Cyber Attacks to Increase in 2007

    February 12, 2007 Alex Woodie

    2006 was a record year for security vulnerabilities, with an average of 20 new flaws discovered every day. But brace yourself for 2007, as cyber criminals grow more sophisticated, requiring more vigilance by companies, according to a recent report issued by IBM‘s Internet Security Systems (ISS) X-Force research and development team.

    There is a caveat to the vulnerability figures listed in the paragraph above. While the number of newly discovered vulnerabilities jumped 40 percent in 2006 compared to 2005-that’s 7,247 vulnerabilities compared to 5,176–the rate of “high impact” vulnerabilities decreased somewhat, from accounting for 28 percent of all vulnerabilities in 2005 to 18 percent in 2006. Numerically, the decrease in the most severe vulnerabilities drops from about 1,450 in 2005 to about 1,300 in 2006.

    That’s where the good news ends. Gunter Ollmann, director of security strategy for IIS, says companies need to stay on high alert. “The security industry has made great progress over the last year, but despite promising statistics [such as the decrease in high-impact vulnerabilities], we predict that 2007 will require even higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack.”

    Of particular note are the camouflaging techniques cyber criminals are using to hide what they’re doing. X-Force reports that about half of the Web sites set up to infect visitors or steal personal information are attempting to obfuscate or camouflage their attack, and about 30 percent are encrypting their payload.

    And while the IT industry scrambled to meet the burgeoning demand for “software as a service,” the cyber criminal underground has been doing the same, with the rise of the “exploits as a service” industry. According to X-Force, the malware industry is ripe for an explosion of “managed exploit providers” who sell exploit code that’s encrypted so it can’t be picked up by the authorities and white hats. The growing sophistication of a sales channel trafficking in exploits will help to render traditional signature-based protection even less effective in the future, X-Force predicts.

    It was another banner year for spammers, too. While it seemed like spam levels couldn’t go much higher, the amount of spam trafficking the Internet managed to increase by a whopping 100 percent last year, according to X-Force. (Although, it must be said, that due to the fact that the vast majority of e-mail already was spam in 2005, the doubling didn’t do much to increase the rate of spam, so maybe you didn’t notice your spam repository–err, your inbox–overflowing just a little more.) Image-based spam, which is tough to detect using traditional methods, is largely to blame for this bump up.

    The X-Force team, picked up by IBM last year in its ISS acquisition, had some other interesting tidbits to share in its report on 2006.

    Among the factoids:

    • The biggest sources of spam are the U.S., Spain, and France.
    • The biggest source of phishing e-mails is South Korea.
    • After English, German is the most popular language in which spam messages are written.
    • The most commonly used exploit to infect Web browsers with malware was the MS-ITS vulnerability, which Microsoft fixed in 2004.

    The 34-page X-Force report can be downloaded in PDF format here.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 16, Number 5 -- February 12, 2007

    Sponsored by
    Racksquared

    It’s time for IBM Power in the Cloud!

    Stop buying hardware and make the move to the cloud. It’s easier and more cost effective than you might think.

    • IBM Power in the Cloud
    • IBM Power Backup Solutions
    • IBM Power High Availability and DR solutions
    • IBM Power Colocation with Management and Monitoring

    Let’s talk about your business needs.

    Call: 855-380-7225

    Email: Sales@racksquared.com

    www.racksquared.com/ibmsolutions

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Selectively Sending Break Messages to Active Users Lawson Brings Former Intentia ERP Suite Closer to Landmark

    Leave a Reply Cancel reply

TFH Volume: 16 Issue: 5

This Issue Sponsored By

    Table of Contents

    • Calling All System i5 Innovators
    • Faster i5 595 Rumored to Be Imminent
    • System i5 GM Shearer Chats with iSociety Members
    • IBM Moves OS/400 V5R3 Towards the Door, Rejiggers i5 Prices
    • Avnet’s Second Fiscal Quarter Propped Up By EMEA Sales
    • Zend Upgrades Commercial Add-Ons for Its PHP Engine
    • Sales Up 16 Percent in Q1 as Kronos Launches Wares for Manufacturers
    • As I See It: The Elusive Leader
    • SafeData, Strategic Systems Form Partnership
    • Calling All System i5 Innovators

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • IBM Mulls Using DataMigrator as Cloud Warehouse Pipeline
    • PowerTech AV Automatically Detects Ransomware Activity
    • Infor Puts CM3 Project On Hold
    • Four Hundred Monitor, June 29
    • IBM i PTF Guide, Volume 24, Number 26
    • Guild Mortgage Takes The 20-Year Option For Modernization
    • IBM i Licensing, Part 3: Can The Hardware Bundle Be Cheaper Than A Smartphone?
    • Guru: The Finer Points of Exit Points
    • Big Blue Tweaks IBM i Pricing Ahead Of Subscription Model
    • We Still Want IBM i On The Impending Power E1050

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2022 IT Jungle

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.