X-Force – 53% of Security Vulnerabilities Remained Unpatched in 2008
IBM's X-Force research group said in its report, "2008 X-Force Trends and Risk", that nearly 53% of the security vulnerabilities it detected during 2008 had still not received vendor patches by the end of the year. X-Force recorded 7,406 new security vulnerabilities over the whole of 2008. IBM also said that the current Common Vulnerability Scoring System mainly deals with the technical aspects of a vulnerability.
Cyber criminals are driven by monetary gain; therefore, it is essential to understand how attackers weigh the profits from a vulnerability against the expenses incurred in exploiting it, said Kris Lamb, Senior Operation Manager of X-Force Research and Development for IBM Internet Security Systems, as reported by vnunet on February 2, 2009.
The report also indicated that in 2008 the largest share of spam was generated in Russia, at 12%, followed by the US and Turkey at 9.6% and 7.8% respectively, although the sender may have been located in a different country. Moreover, China replaced the US as the top country for hosting malicious websites for the first time in 2008.
In addition, 46% of malware attacks involved trojans targeting online gamers and online banking users, while 90% of phishing attacks were aimed at financial institutions, said the report. SQL injection attacks also surged significantly in 2008.
The new X-Force report also highlighted two important trends observed in 2008 in the techniques cyber criminals use to target users through website attacks. The first trend was the emergence of websites as the Achilles' heel of corporate IT security. Attackers are deliberately targeting web applications to enlarge their networks of infected machines.
The second trend was a shift in attackers' strategies toward providing links to malicious documents (like PDFs) and movies (like Flash). This does not mean that they have abandoned their traditional modes of attack, which exploit browser vulnerabilities and ActiveX controls to infect computers; rather, they have added a new weapon to their arsenal.
» SPAMfighter News - 16-02-2009