Vulnerability Disclosures Skyrocket

Wednesday, September 1, 2010 @ 05:09 PM gHale


Vulnerability disclosures are on the rise reaching record levels for the first half of 2010, according to the IBM X-Force 2010 Mid-Year Trend and Risk Report.
Overall, the X-Force Research and Development team documented 4,396 new vulnerabilities in the first half of 2010, a 36 percent increase over the same time period last year. Over half, 55 percent, of all these disclosed vulnerabilities had no vendor-supplied patch at the end of the period.
Web application vulnerabilities continued to be the leading threat, accounting for more than half of all public disclosures, according to the report. In addition, covert attacks hidden within JavaScript and PDFs increased in complexity, while enterprises noted cloud computing and virtualization as future areas to focus on.
In the first half of 2010, organizations did more to identify and disclose security vulnerabilities than ever before. This in turn is having a positive effect on the industry by driving more open collaboration to identify and eliminate vulnerabilities before cybercriminals can exploit them.
Web application vulnerabilities continue to be the largest category of vulnerability disclosures. Web application vulnerabilities surpassed all other threats to account for 55% of all disclosures. While Web application vulnerabilities continue to climb, these figures represent just the tip of the iceberg for the total number of Web application vulnerabilities that exist, as they do not include custom-developed Web applications which also can introduce vulnerabilities.
Covert, hidden attack methods grew in frequency and complexity, especially involving JavaScript. Enterprises are fighting increasingly sophisticated attacks on their computer networks, including advanced persistent threats. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools. JavaScript obfuscation is a popular technique used by all classes of computer criminals to hide their exploits within document files and Web pages. IBM detected a 52% increase in obfuscated attacks during the first half of 2010 versus the same period in 2009.
PDF exploits continue to soar as attackers trick users in new ways. X-Force started observing widespread use of PDF-based exploits during the first half of 2009. Since then, PDF-based exploits have captured three of the top five slots for browser exploits used in the wild. The most significant jump associated with PDF attacks occurred in April, when event activity was almost 37 percent higher than the average for the first half of 2010. IBM also detected a widespread spam campaign in which the Zeus and Pushdo botnets, some of the most malicious Internet threats, helped to spread these infected PDF attachments.
Phishing activity declined significantly, but financial institutions remain the top target. Phishing volume has fluctuated over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks seen at the peak in 2009, a decline of almost 82%. Despite this drastic decline, financial institutions are still the number one phishing target, representing 49 percent of all phishing emails, while credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets.
The X-Force Research and Development team has identified some key trends to watch for in the future, including:
Cloud computing: As an emerging technology, security concerns remain a hurdle for organizations looking to adopt cloud computing. As organizations transition to the cloud, they should examine the security requirements of the workloads they intend to host in the cloud, rather than starting with an examination of different potential service providers. Getting a good understanding of the needs and requirements first will help inform a more strategic approach to adopting cloud services.
Virtualization: As organizations push workloads into virtual server infrastructures to take advantage of ever-increasing CPU performance, there are questions about the wisdom of sharing workloads with different security requirements on the same physical hardware. X-Force’s vulnerability data shows 35% of vulnerabilities impacting server-class virtualization systems affect the hypervisor, which means an attacker with control of one virtual system may be able to manipulate other systems on the same machine. This is a significant data point when architecting virtualization projects.