• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM X-Force Says For-Profit Cyber Attacks to Increase in 2007

    February 12, 2007 Alex Woodie

    2006 was a record year for security vulnerabilities, with an average of 20 new flaws discovered every day. But brace yourself for 2007, as cyber criminals grow more sophisticated, requiring more vigilance by companies, according to a recent report issued by IBM‘s Internet Security Systems (ISS) X-Force research and development team.

    There is a caveat to the vulnerability figures listed in the paragraph above. While the number of newly discovered vulnerabilities jumped 40 percent in 2006 compared to 2005-that’s 7,247 vulnerabilities compared to 5,176–the rate of “high impact” vulnerabilities decreased somewhat, from accounting for 28 percent of all vulnerabilities in 2005 to 18 percent in 2006. Numerically, the decrease in the most severe vulnerabilities drops from about 1,450 in 2005 to about 1,300 in 2006.

    That’s where the good news ends. Gunter Ollmann, director of security strategy for IIS, says companies need to stay on high alert. “The security industry has made great progress over the last year, but despite promising statistics [such as the decrease in high-impact vulnerabilities], we predict that 2007 will require even higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack.”

    Of particular note are the camouflaging techniques cyber criminals are using to hide what they’re doing. X-Force reports that about half of the Web sites set up to infect visitors or steal personal information are attempting to obfuscate or camouflage their attack, and about 30 percent are encrypting their payload.

    And while the IT industry scrambled to meet the burgeoning demand for “software as a service,” the cyber criminal underground has been doing the same, with the rise of the “exploits as a service” industry. According to X-Force, the malware industry is ripe for an explosion of “managed exploit providers” who sell exploit code that’s encrypted so it can’t be picked up by the authorities and white hats. The growing sophistication of a sales channel trafficking in exploits will help to render traditional signature-based protection even less effective in the future, X-Force predicts.

    It was another banner year for spammers, too. While it seemed like spam levels couldn’t go much higher, the amount of spam trafficking the Internet managed to increase by a whopping 100 percent last year, according to X-Force. (Although, it must be said, that due to the fact that the vast majority of e-mail already was spam in 2005, the doubling didn’t do much to increase the rate of spam, so maybe you didn’t notice your spam repository–err, your inbox–overflowing just a little more.) Image-based spam, which is tough to detect using traditional methods, is largely to blame for this bump up.

    The X-Force team, picked up by IBM last year in its ISS acquisition, had some other interesting tidbits to share in its report on 2006.

    Among the factoids:

    • The biggest sources of spam are the U.S., Spain, and France.
    • The biggest source of phishing e-mails is South Korea.
    • After English, German is the most popular language in which spam messages are written.
    • The most commonly used exploit to infect Web browsers with malware was the MS-ITS vulnerability, which Microsoft fixed in 2004.

    The 34-page X-Force report can be downloaded in PDF format here.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 16, Number 5 -- February 12, 2007

    Sponsored by
    Raz-Lee Security

    Raz-Lee Security is the leader in security and compliance solutions that guard business-critical information on IBM i servers. We are committed to providing the best and most comprehensive solutions for compliance, auditing, and protection from threats and ransomware. We have developed cutting-edge solutions that have revolutionized analysis and fortification of IBM i servers.

    Raz-Lee’s flagship iSecurity suite of products is comprised of solutions that help your company safeguard and monitor valuable information assets against intrusions. Our state-of-the-art products protect your files and databases from both theft and extortion attacks. Our technology provides visibility into how users access data and applications, and uses sophisticated user tracking and classification to detect and block cyberattacks, unauthorized users and malicious insiders.

    With over 35 years of exclusive IBM i security focus, Raz-Lee has achieved outstanding development capabilities and expertise. We work hard to help your company achieve the highest security and regulatory compliance.

    Key Products:

    • AUDIT
    • FIREWALL
    • ANTIVIRUS
    • ANTI-RANSOMWARE
    • MULTI-FACTOR AUTHENTICATION
    • AP-JOURNAL
    • DB-GATE
    • FILESCOPE
    • COMPLIANCE MANAGER
    • FIELD ENCRYPTION

    Learn about iSecurity Products at https://www.razlee.com/isecurity-products/

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Selectively Sending Break Messages to Active Users Lawson Brings Former Intentia ERP Suite Closer to Landmark

    Leave a Reply Cancel reply

TFH Volume: 16 Issue: 5

This Issue Sponsored By

    Table of Contents

    • Calling All System i5 Innovators
    • Faster i5 595 Rumored to Be Imminent
    • System i5 GM Shearer Chats with iSociety Members
    • IBM Moves OS/400 V5R3 Towards the Door, Rejiggers i5 Prices
    • Avnet’s Second Fiscal Quarter Propped Up By EMEA Sales
    • Zend Upgrades Commercial Add-Ons for Its PHP Engine
    • Sales Up 16 Percent in Q1 as Kronos Launches Wares for Manufacturers
    • As I See It: The Elusive Leader
    • SafeData, Strategic Systems Form Partnership
    • Calling All System i5 Innovators

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • The IBM i Power10 Upgrade Cycle Forecast Looks Favorable
    • White Hats Completely Dismantle Menu-Based Security
    • Cloud Software To Drive Enterprise Application Growth
    • How Do You Stay In Touch With The IBM i Community?
    • IBM i PTF Guide, Volume 25, Number 6
    • Security Still Top Concern, IBM i Marketplace Study Says
    • Bob Langieri Shares IBM i Career Trends Outlook for 2023
    • Kisco Brings Native SMS Messaging to IBM i
    • Four Hundred Monitor, February 1
    • 2023 IBM i Predictions, Part 4

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2022 IT Jungle

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.