February 02, 2009 IBM announced the results of its 2008 X-Force Trend and Risk report, which found corporations put their own customers at risk for "cybercriminal activities" by failing to properly defend their servers against identified exploits.
Two main trends were reported in the X-Force report. First, today's websites are the "Achilles' heel" for IT security. This is the culmination of the attacker's desire to infiltrate the website's software to allow their applications to infect end-user machines coupled to the corporations using standard, off-the-shelf applications which have known exploits. According to their report. 74% of the web applications deployed have had no patches applied. And trends show the volume of attacks seen at the end of 2008 were 30x greater than the number of attacks seen early in the summer months.
The second major trend is a switch away from primarily browser defect and ActiveX script attacks to those involving Flash and PDFs. The research recorded a 50% increase in Q4'2008 in the number of URLs that were hosting exploits compared to the sum total from all of 2007. Spammers are also switching to these compromised web-site tactics for an expanded reach.
The X-Force report also records that the number of disclosed critical vulnerabilities did not see widespread exploitation. IBM believes the Common Vulnerability Scoring System (CVSS) used today as an industry-standard rating system for virus threats needs to be overhauled.
2009年2月4日星期三
订阅:
博文 (Atom)