IBM – Web-borne Malicious Attacks Persistently Growing
A new annual report on Trend and Risk by IBM X-Force confirms that there is a rise in attacks from the Web, with cyber criminals manipulating legitimate websites of business and organizations for the distribution of malicious software and theft of confidential data.
The report also notes that phishing, spam, malware, web-based threats and software vulnerabilities are currently the top subject in the industry. In 2008, over 50% of the security flaws detected were found in web applications, of which over 75% were without patches. As 2008 came to an end, the number of attacks spiked 30 times the volume observed earlier that summer.
Another trend that IBM's report notes is that although attackers still concentrate on ActiveX controls and browsers to hijack users' computers and consequently get hold of valuable information, they are also diversifying their attacks by linking them to malevolent documents like PDFs and movies (Flash).
During Q4 2008, IBM X-Force identified over 50% growth in the total number of malware-rigged URLs harboring exploits, over that of the entire 2007.
Moreover, spammers are shifting their focus to legitimate websites of organizations and businesses to expand their reach as well as applying the method of posting malicious e-mails on news-related websites and well-known blogs.
Kris Lamb, Senior Operations Manager and Global Director, IBM X-Force, says that cyber criminals aim their attacks at businesses as these serve as easy targets when anyone from a corporate house surfs on the Web, as reported by Itp on May 19, 2009.
Lamb further says that targeting businesses is a very old style of bulk attack that exists even today. Since there are several simple measures that businesses can adopt to ensure improved security, it is astonishing how online crooks continue to gain from their malicious efforts, Lamb added.
Regarding the forthcoming security trends, IBM's specialists stated that 2009 would have a number of them, since the company's X-Force team has identified over 1,600 security threats in Q1 2009, with almost 48% of them enabling malicious people to access a compromised computer unlawfully.
Related article: IBM Mainframes’ Vulnerability to Attacks
» SPAMfighter News - 28-05-2009