Software vulnerabilities, other e-threats spike, reports IBM

IBM, which published its most recent X-Force trend and risk assessment report on August 25, 2010, revealed that there was a rise in the total number of loopholes found inside computer applications, which hackers were capable of exploiting, during H1-2010.

The report noted that the major security risk was still from software vulnerabilities, at 55% of the total number of public disclosures. State the researchers that the large number of security flaws indicates that cyber-criminals have a golden opportunity for attacking Web-surfers via malware, phishing and other harmful materials.

Referring to other data from the study, it's evident that new vulnerabilities grew to 4,396 in number i.e. at 36% during H1-2010 over H1-2009, while over 50% of them were devoid of security patches.

Moreover, stealthy attacks became more complex using obfuscated JavaScript along with PDFs (Portable Document Formats). Additionally, it was noted that virtualization and cloud computing would be the chief security issues for corporations henceforth.

Meanwhile, during April 2010, PDF attacks grew to the maximum for the year. IBM's Managed Security Services spotted nearly a 37% rise in such assaults against the H1-2010 average. The attacks made up to 3 positions among the top 5 associated with browser exploits being abused.

Moreover, computer criminals have been popularly using JavaScript obfuscation for concealing their attack codes inside websites and document files. IBM spotted 52% more obfuscated attacks in H1-2010 vis-à-vis H1-2009.

Additionally, X-Force's data further indicates that 35% of all security flaws affecting virtualization systems of server class impact the hypervisor. Thus, when an attacker commands over a single virtual system he is likely to compromise and command other systems too that run on that same computer.

In the meantime, there's been an 82% plunge in the total number of e-mail scams wherein cyber-criminals send spoofed messages to Internet-users and attempt at tricking them into viewing corrupt files or accessing phishing websites.

However, even with this dramatic fall, institutions for finance continue to be the maximum targets for phishers at 49%. Other targets that are overwhelmingly being attacked in phishing scams are online payment agencies, government organizations, auction companies and credit cards.

Related article: Software Giant Microsoft Becoming More Spam Affectionate

» SPAMfighter News - 9/3/2010