Security Trends: Quality Over Quantity, Mobile Vulnerabilities and the Cloud

April 1st, 2011 04:00 admin

Criminals seem to be taking a quality-over-quantity approach to malware, phishing and spamming as enterprises face increasingly sophisticated and specialized risks, according to the IBM X-Force 2010 Trend and Risk Report. In 2010, spam peaked and phishing declined. But total security disclosures increased, and, of course, we saw what happened with Stuxnet.

Stuxnet proved that highly targeted attacks against specialized equipment are no longer a hypothetical threat – they are a real threat.

Although Stuxnet was the highest-profile computer security story of 2010, the Zeus botnet continues to affect far more individuals and organizations. According to the report, Zeus was responsible for stealing more than $1 million from customers of one UK-based financial institution alone. IBM warns that PDF vulnerabilities are an increasingly common way to spread the Zeus trojan, and that Foxit Reader is not immune to the flaws.

Despite the alarm it caused, the Conficker worm is in decline.

[Figure: Phishing chart]

The good news is that phishing is in decline. The peak level of phishing in 2010 was less than 1/4 the peak level of phishing over the past two years. The bad news is that “spear phishing” is on the rise. Spear phishing is a more targeted form of phishing – the phisher generally poses as someone the victim knows.

Spam peaked in 2010, reaching its highest level in history, and then leveled off. IBM speculates that this is due to spammers seeing less benefit from high-volume spamming. Instead, spammers seem to be focusing on bypassing spam filters. Again, quality over quantity is the new rule.

[Figure: Mobile OS chart]

The number of mobile operating system vulnerabilities increased this year, but malware on mobiles is still uncommon. The biggest security risk remains lost or stolen devices.

[Figure: Vulnerabilities by year]

Web applications accounted for nearly half the vulnerabilities disclosed in 2010. Cross-site scripting and SQL injections are the biggest problems, though cross-site scripting is in decline.

Perhaps the scariest fact in the report, however, is that nearly half the vulnerabilities disclosed remain unpatched.

[Figure: Hypervisors chart]

The report also warned of security vulnerabilities in virtualization systems, particularly hypervisor escape vulnerabilities.

Although the number of security vulnerabilities in Web applications and hypervisors may be off-putting, IBM thinks cloud security will eventually improve to such a point that it becomes a driver, instead of an inhibitor, of cloud adoption. We’ve been saying much the same here for some time.

Also of note, IBM is opening the Advanced Institute for Security in Europe in Brussels. The goal of the institute is to connect representatives from the government, private sector and academia with IBM security experts in Europe.

Disclosure: IBM is a ReadWriteWeb sponsor.

Photo credit: Circo de Invierno

Source: Security Trends: Quality Over Quantity, Mobile Vulnerabilities and the Cloud
