IBM Report: Stealthy, Targeted Online Attacks Continue to Grow

Report from IBM's ISS X-Force division points to increase in malware and sophistication


Second, the increased use of fuzzing by vulnerability researchers over the last two years has uncovered many of the easier to find vulnerabilities. Fuzzing is a testing technique through which random datais supplied to a software program to try to get it to fail and therefore detect vulnerabilities. "As more technologies and software get exposed to fuzzing and automated bug finding tools, the industry begins to reach a saturation point in the discovery of these types of vulnerabilities, ultimately contributing to the decrease in overall vulnerability disclosures," said Lamb.

Finally, the number of common coding mistakes and bugs is decreasing as a result of software and technology vendors adopting more secure software development lifecycles and more prudent secure coding practices.

A similarly unexpected trend in this report is that, for the firsttime, spam message size decreased instead of continuing on a linear growth pattern. This decrease corresponds with a decrease in image-based spam. Since mid-2005, image-based spam has been one of the biggest anti-spam challenges, but in the first half of 2007, the percentageof image-based spam declined to the level of mid-2006, at just over 30 per cent. At the end of 2006, image-based spam accounted for more than 40 percent of spam messages.

"The decrease in spam message size and image-based spam is a result of spammers adopting and experimenting with newer techniques, such as PDF- and Excel-based spam, as a means to more successfully evade detection by anti-spam technologies," said Lamb.

The X-Force has been cataloguing, analysing and researching vulnerability disclosures since 1997. With more than 33,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understandthe dynamics that make up vulnerability discovery and disclosure. Inaddition to the vulnerabilities catalogued in its X-Force database, IBM ISS content filtering services are designed to provide a world-encompassing view of spam and phishing attacks. With millions of e-mailaddresses actively monitored, ISS has identified numerous advances in the spam and phishing technologies used by online attackers. The X-Force report also discusses the following key security statistics forthe first half of 2007, among others:

* January has so far been the busiest month of the year for vulnerabilities, with 600 disclosures.

* Spain has taken South Korea's place as the highest source of phishing e-mails, accounting for 17.9 percent of the worldwide volume.

* The percentage of vulnerabilities that can be exploited remotelyhas grown in the first half of 2007 to 90 per cent versus 88 percentin 2006.

* The percentage of vulnerabilities that allow an attacker to gainaccess to the host after successful exploitation has also risen slightly to 51.6 per cent from 50.6 per cent in 2006.

* Currently, about 10 per cent of the Internet consists of unwanted content such as pornography, crime, adult or socially deviant material.

For the remainder of 2007 and into 2008, X-Force expects to observe a lack of exponential growth in vulnerabilities disclosed, the continued growth of targeted and boutique malware such as Trojans and a continued rise in obfuscation techniques for Web-based threats.