Threat Report: Vulnerabilities at Record High

Monday, April 4, 2011 @ 12:04 PM gHale

Security has now become a primary concern for companies adopting emerging technologies such as cloud computing and mobile devices, as vulnerability disclosures increased 27% in 2010, reaching their highest level in history, according to a new report.

The increase in vulnerability disclosures, which hit 8,562 last year, has had a “significant impact” on IT professionals managing large IT infrastructures, according to the IBM X-Force 2010 Trend and Risk Report.

Close to half of vulnerability disclosures in 2010 were web application flaws, mostly resulting from cross-site scripting and SQL injection. These two methods were the most popular for exploiting web application flaws in last year’s report.

“These [web application] vulnerabilities represent just the tip of the iceberg since many organizations develop third-party applications in-house that are not subject to public vulnerability reports”, the report noted.

Although vendors have been diligent in providing patches after establishing there is a vulnerability, at least 44 percent of all vulnerabilities in 2010 still had no corresponding patch by the end of the year, according to the report.

IBM X-Force said quite a few exploits are publicly released months after the public disclosure of the vulnerabilities they target, suggesting attackers are able to use exploit code after patches have been made available.

The SQL Slammer worm, which first emerged in January 2003, continues to be the most common source of malicious Internet traffic, the report said.

The use of the term “advanced persistent threat” became widespread in 2010, after high-profile attacks on corporate enterprises by sophisticated targeted attackers. In addition, botnet activity continued to grow last year.

Not surprisingly, IBM mentioned Stuxnet in the report. While Stuxnet’s payload might not apply to those who do not have SCADA equipment, or who lack the particular SCADA equipment that Stuxnet targets, the infection itself does affect the computers it infects, according to the report.

Stuxnet contains many components — including kernel-mode drivers — that can affect the reliability and performance of a PC. Stuxnet’s installation of a peer-to-peer communication component opens infected machines to unauthorized remote access, according to the report. A Stuxnet infection can also indicate the presence of unpatched vulnerabilities on networked computers.

One of Stuxnet’s infection vectors is through portable USB drives and the use of the LNK vulnerability (CVE-2010-2568). From a policy perspective, one should review the use of USB drives. Many institutions banned the use of these drives to limit threats that target that transmission method. Also, Stuxnet might not directly impact users, but it will not take long for other malware writers to copy aspects of Stuxnet for their own uses, according to the report. Taking actions to help protect against aspects of Stuxnet will help protect against future threats not yet discovered.