[Security] 2011Trend Report Sept
The IBM X-Force 2011 Mid-year Trend and Risk report has been published. Woot!
I have to say, this report is bursting with great information about the latest threats that have occurred in the first half of this year and even though we have witnessed many high-profile security breaches in the beginning of 2011, improvements in areas of computer security are being made, showing that the industry is making headway.
We encourage readers to not only check out the highlights listed here, but read the full report for contributions from our colleagues in Rational AppScan, Emergency Response Services (ERS), Managed Security Services (MSS), BigFix, Guardium and Identity Access and Management. Each of these dedicated security professionals has taken a pro-active approach in their respective articles to assist readers with additional guidance. Understanding threats is the starting point, but knowing what actions to take next is just as important.
So, let’s take a look at some of those highlights.
First the good news…
Advances in Security
We've been doing this report for years and often it seems like the situation is getting worse - more vulns, more exploits, it is nice to see some good news in this data and it's encouraging for those of us who work in security.
The first half of 2011 saw an unexpected decrease in web application vulnerabilities, from 49 percent of all vulnerability disclosures down to 37 percent. This is the first time in five years X-Force has seen a decrease.
High and critical vulnerabilities in web browsers were also at their lowest point since 2007, despite an increasingly complex browser market. These improvements in web browser and application security are important as many attacks are targeted against those categories of software.
Software vendors are doing a better job patching vulnerabilities this year than they have in the past. Last year 44% of the vulnerabilities that were publicly disclosed were never patched by the vendor. No one ever fixed them.
This year that number is down to 37%. It hasn’t been that low in five years. So that’s really significant. It means, again, that people that make software have maybe become a bit more diligent about releasing patches.
As major botnet operators are taken down and off-line by law enforcement officials, the report shows a trend in the decline of spam and more traditional phishing tactics.
After years of consistent spam growth until the middle of 2010, there has been a significant decline in spam volumes in the first half of this year.
In the first half of 2011, the percentage of spam that is phishing on a weekly basis was less than 0.01 percent. Traditional phishing has greatly declined from the levels X-Force was seeing prior to the middle of 2010.
2011: Year of Security Breach
We would be remiss to not mention the shifting climate that is occurring in 2011 with the large number of high-profile attacks and network compromises that have occurred this year. As technologies continue to change and evolve, we see attackers moving into new groups of classification as well.
Off the shelf broad attacks are typically financially motivated botnet builders. This is most of the attack activity that we’ve been seeing and fighting for the past ten years.
Teams of professional attackers motivated by a desire to collect strategic intelligence have been able to gain and maintain access to critical computer networks through a combination of stealth, sophisticated technical capabilities and careful planning. These attackers are often referred to as Advanced Persistent Threats (APTs)
Attacks from ‘hacktivist’ groups, who targeted web sites and computer networks for political ends rather than just financial gain. Hacktivist groups have been successful in using well known, off-the-shelf attack techniques such as SQL Injection, which is one of the most common attack techniques seen in the Internet.
Mobile Exploits on Track to Double
It should not be surprising that Mobile continues to be a highly targeted space for attackers. The number of mobile users continues to grow and smartphone technology is still evolving such that third party applications are pervasive and effective security solutions are still not established. Year after year we have seen this trend continue to rise.
A few other areas of the report that are worth checking out:
• The day SQL Slammer Worm disappeared. Managed Security Services (MSS) analysis showed that a time-based trigger using a Slammer’s server clock was used to shut it down, proving that it was disabled by a single cause. (page 28)
• Recent high profile hacks and attacks have demonstrated that it is likely that your organization will need to perform incident response handling (IRH) to a suspected or valid incident sometime in the future. Some organizations have in-house capabilities to perform IRH while others perform the initial first responder steps, and then seek additional resources from an outside provider. IBM Emergency Response Service (ERS) has developed some suggestions to assist with the initial response. (page 54)