As the cyberwar against malicious online attacks continues, a few bright spots appeared in 2011, according to IBM's annual X-Force Trend and Risk Report. The good news is that email spam is down dramatically, known vulnerabilities are being patched, and cross-site scripting (XSS)--where attackers inject client-side scripts into Web pages--is on the wane. The bad news is that the attackers are adapting their tactics to exploit new vulnerabilities in mobile devices, social networks, and cloud computers.
This latest assessment was drawn from IBM's database of more than 50,000 computer security vulnerabilities gathered by global Web crawlers and spam collectors, which perform real-time monitoring of 13 billion events per day--more than 150,000 per second--for nearly 4,000 clients in more than 130 countries at nine global Security Operations Centers. Participating enterprises make use of IBM's Internet Threat Alerting System, a web-based portal that assesses the current threat level, measured on a scale of one to five, and allows drilling down into all aspects of an enterprise's current security status.
Command central for IBM's Internet Threat Alerting System, which monitors security for enterprise customers. (Source: IBM)
"Enterprises depend on the Internet for their success today," said Tom Cross, X-Force Strategy and Threat Intelligence Manager. IBM's alerting system ensures "the availability, the reliability and the integrity of their entire online operation as well as the privacy of the data [enterprises are] entrusted with handling."
The improvements in Internet security for 2011 included a 50 percent decline in email spam compared to 2010, mostly due to authorities taking down several large spam botnets. Spam filtering also showed improvement, yet spammers continued to change their techniques, preventing a total elimination of the problem.
IT organizations also made more diligent efforts to patch known vulnerabilities, with 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010. Unfortunately, some security vulnerabilities are never patched for technological reasons (such as code in the read-only memories of inexpensive mobile devices, which cannot be patched).
Higher-quality new web applications were also in evidence in 2011, with a 50 percent reduction in cross-site scripting vulnerabilities compared to four years ago, due to improvements in software quality. Unfortunately, 40 percent of new applications submitted to services like IBM's AppScan OnDemand still contained known vulnerabilities, which had to be found and fixed before release.
The improved security assessment was partly due to changes made by software developers that make it more difficult to exploit vulnerabilities, with an associated 30 percent decline over the last four years in the availability of exploit code posted online by skilled hackers.
Unfortunately, attackers also began adapting their techniques. SQL injection attacks--where users type code into data fields in online forms--dropped by 46 percent in 2011. But automated shell command injection attacks--where software programmatically executes command lines--almost doubled over the same period. There was also a sharp spike in automated password guessing, with automated scans uncovering many poorly formed passwords, especially on secure shell (SSH) servers.
Phishing attacks impersonating social networking sites and mail-parcel services were also on the rise in 2011, reaching levels that have not been seen since 2008. The phishing sites entice victims to click on links that then infect their computers with malware; many of these exploits were only performing advertising fraud by redirecting traffic to retail websites.
For the future, IT security staffs need to be especially diligent about the code they distribute under "bring your own device" policies, since mobile device exploits rose 19 percent in 2011. Social media has also been increasingly targeted, with attackers exploiting personal data as pre-attack intelligence. Cloud computing also presents new challenges to IT, as data leaves an enterprise's control when it is uploaded to cloud providers. IBM recommends that service-level agreements (SLAs) be carefully crafted to exercise control over the ownership, access management, and termination of computer services over the entire lifecycle of a cloud deployment.