• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM X-Force Says For-Profit Cyber Attacks to Increase in 2007

    February 12, 2007 Alex Woodie

    2006 was a record year for security vulnerabilities, with an average of 20 new flaws discovered every day. But brace yourself for 2007, as cyber criminals grow more sophisticated, requiring more vigilance by companies, according to a recent report issued by IBM‘s Internet Security Systems (ISS) X-Force research and development team.

    There is a caveat to the vulnerability figures listed in the paragraph above. While the number of newly discovered vulnerabilities jumped 40 percent in 2006 compared to 2005-that’s 7,247 vulnerabilities compared to 5,176–the rate of “high impact” vulnerabilities decreased somewhat, from accounting for 28 percent of all vulnerabilities in 2005 to 18 percent in 2006. Numerically, the decrease in the most severe vulnerabilities drops from about 1,450 in 2005 to about 1,300 in 2006.

    That’s where the good news ends. Gunter Ollmann, director of security strategy for IIS, says companies need to stay on high alert. “The security industry has made great progress over the last year, but despite promising statistics [such as the decrease in high-impact vulnerabilities], we predict that 2007 will require even higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack.”

    Of particular note are the camouflaging techniques cyber criminals are using to hide what they’re doing. X-Force reports that about half of the Web sites set up to infect visitors or steal personal information are attempting to obfuscate or camouflage their attack, and about 30 percent are encrypting their payload.

    And while the IT industry scrambled to meet the burgeoning demand for “software as a service,” the cyber criminal underground has been doing the same, with the rise of the “exploits as a service” industry. According to X-Force, the malware industry is ripe for an explosion of “managed exploit providers” who sell exploit code that’s encrypted so it can’t be picked up by the authorities and white hats. The growing sophistication of a sales channel trafficking in exploits will help to render traditional signature-based protection even less effective in the future, X-Force predicts.

    It was another banner year for spammers, too. While it seemed like spam levels couldn’t go much higher, the amount of spam trafficking the Internet managed to increase by a whopping 100 percent last year, according to X-Force. (Although, it must be said, that due to the fact that the vast majority of e-mail already was spam in 2005, the doubling didn’t do much to increase the rate of spam, so maybe you didn’t notice your spam repository–err, your inbox–overflowing just a little more.) Image-based spam, which is tough to detect using traditional methods, is largely to blame for this bump up.

    The X-Force team, picked up by IBM last year in its ISS acquisition, had some other interesting tidbits to share in its report on 2006.

    Among the factoids:

    • The biggest sources of spam are the U.S., Spain, and France.
    • The biggest source of phishing e-mails is South Korea.
    • After English, German is the most popular language in which spam messages are written.
    • The most commonly used exploit to infect Web browsers with malware was the MS-ITS vulnerability, which Microsoft fixed in 2004.

    The 34-page X-Force report can be downloaded in PDF format here.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 16, Number 5 -- February 12, 2007

    Sponsored by
    Rocket Software

    Disrupt Without Disruption

    For over 35 years, Rocket Software’s solutions have empowered businesses to modernize their infrastructure, unlock data value, and drive transformation – all while ensuring modernization without disruption.

    Learn How

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Selectively Sending Break Messages to Active Users Lawson Brings Former Intentia ERP Suite Closer to Landmark

    Leave a Reply Cancel reply

TFH Volume: 16 Issue: 5

This Issue Sponsored By

    Table of Contents

    • Faster i5 595 Rumored to Be Imminent
    • IBM Moves OS/400 V5R3 Towards the Door, Rejiggers i5 Prices
    • Zend Upgrades Commercial Add-Ons for Its PHP Engine
    • As I See It: The Elusive Leader
    • Calling All System i5 Innovators
    • System i5 GM Shearer Chats with iSociety Members
    • Avnet’s Second Fiscal Quarter Propped Up By EMEA Sales
    • Sales Up 16 Percent in Q1 as Kronos Launches Wares for Manufacturers
    • SafeData, Strategic Systems Form Partnership
    • IBM X-Force Says For-Profit Cyber Attacks to Increase in 2007

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • To Comfort The Afflicted And Afflict The Comfortable
    • How FalconStor Is Reinventing Itself, And Why IBM Noticed
    • Guru: When Procedure Driven RPG Really Works
    • Vendors Fill In The Gaps With IBM’s New MFA Solution
    • IBM i PTF Guide, Volume 27, Number 27
    • With Power11, Power Systems “Go To Eleven”
    • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
    • Izzi Buys CNX, Eyes Valence Port To System Z
    • IBM i Shops “Attacking” Security Concerns, Study Shows
    • IBM i PTF Guide, Volume 27, Number 26

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2025 IT Jungle