As enterprises put in place more advanced security software, IT-savvy attackers are finding ever more loopholes in those systems for their nefarious activities.
This state of affairs in IT security was revealed today by global information technology leader IBM.
The IT company released the results of its X-Force 2011 Trend and Risk Report. This report is an annual assessment of the security landscape. It is based on intelligence gathered by one of the industry's leading security research teams through its research of public vulnerability disclosures, findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.
"In 2011, we saw the IT industry continuing to improve the quality of software, but at the same time, cyber criminals are evolving their techniques, taking advantage of the high penetration of mobile devices and the prevalence of social media use, and finding new avenues to breach organisations," said Roman Tuma, director of IBM Security Systems, Growth Markets. "As long as attackers profit from cyber crime, organisations should sharpen their focus in addressing vulnerabilities."
The report shows "surprising improvements in several areas of Internet security such as a reduction in application security vulnerabilities, exploit code and spam," said IBM in a statement. "As a result, the report suggests attackers today are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices."
The X-Force 2011 Trend and Risk Report shows a 50 percent decline in spam e-mail compared to 2010; more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010; and higher quality of software application code, as seen in the Web-application vulnerabilities known as cross-site scripting being half as likely to exist in clients' software as they were four years ago.
However, attackers are also adapting their techniques, said IBM in the statement. According to the statement, emerging attack trends are on the rise, including mobile exploits, automated password guessing, and a surge in phishing attacks.
According to the report, there are positive trends as it appears companies implemented better security practices in 2011:
- Thirty percent decline in the availability of exploit code
- Decrease in unpatched security vulnerabilities
- Fifty percent reduction in cross-site scripting (XSS) vulnerabilities due to improvements in software quality
- Decline in spam: IBM's global spam e-mail monitoring network saw about half the volume of spam e-mail in 2011 that it saw in 2010.
Attackers Adapt Their Techniques in 2011
- Attacks targeting shell command injection vulnerabilities more than double
- Spike in automated password guessing
- Increase in phishing attacks that impersonate social networking sites and mail parcel services