subscribe: Daily Newsletter


Cyber attacks on the rise


Cyber attacks are becoming increasingly insidious and more sophisticated. Today, any system that can be accessed through the Internet, an intranet, modem or wireless network is vulnerable. Since the rapid growth of the Internet in the 1990s, cyber attacks have been increasing at an alarming rate, while expert predictions last year indicated an increase in targeted, financially motivated cyber attacks.

According to a recent security statistics report by IBM’s Internet Security Systems (ISS) X-Force research and development team, 2007 has been a bumper year for malware, with new records in volume and sophistication occurring as often as monthly.
"Having identified, studied and analysed more than 210 000 new malware samples throughout the year, X-Force says this figure exceeds the total number of malware samples observed over the whole of 2006," explains Jorina van Rensburg, CEO of Condyn, sole local IBM ISS distributor.
"Trojans have come to the fore as the most popular form of malware this year, accounting for 28 percent of all malware, whereas in 2006, Downloaders were the most common. The figures show that the number of Trojans is nearly double the next closest category, worms, while Downloaders have decreased significantly since last year. The most frequently occurring malware on the Internet wasTrojan.Win32.Agent – there were some 26 573 varieties in the first half of 2007 accounting for 43% of all Trojans."
Last year’s X-Force report showed that managed exploit providers were buying exploit code from the underground, encrypting it so that it could not be pirated and then selling it to spam distributors. This year, a new level of corruption has emerged in the form of exploit leasing, which lets attackers test exploitation techniques with a smaller initial investment.
Evidence also shows that attackers occasionally modify an exploit toolkit if a new exploit becomes public and this has resulted in a market for modified toolkit sales.
X-Force reports a disturbing increase from 50% to 80% this year of web exploits that are obfuscated – including most self-decrypting exploits. (Web obfuscation makes it difficult for signature-based intrusion detection and prevention products to detect attacks). X-Force says the most popular exploit used on the Internet to infect web browsers with malware this year was Visual Studio WMI Object Broker ActiveX, while JavaScript is the most common obfuscation vector.
X-Force has catalogued more than 33 000 security vulnerabilities and maintains the largest and most authoritative vulnerability database in the world. This enables X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.
The report names the top three vulnerable vendors in the first half of 2007 as being Microsoft, Apple and Oracle. It has also found that for the first time in the history of the X-Force database, (which was established in 1997), vulnerability disclosure numbers decreased in the first half of the year.
There were a total of 3 273 vulnerabilities entered in the first half of 2007, a 3.3% decrease over the first half of 2006. However, the percentage of high impact vulnerabilities has gone up since 2006 from 16% to 21% for the first half of 2007.
Other findings include:
* January has so far been the busiest month of the year for vulnerabilities, with 600 disclosures.
* The percentage of vulnerabilities that can be exploited remotely has grown in the first half of 2007 to 90% versus 88% in 2006.
* The percentage of vulnerabilities that allow an attacker to gain access to the host after successful exploitation has also risen slightly to 51.6% from 50.6% in 2006.
X-Force’s content filtering services are designed to provide a world-encompassing view of spam and phishing attacks. Actively monitoring millions of e-mail addresses, they have identified numerous advances in the spam and phishing technologies being used by online attackers. Since mid-2005, image-based spam has been one of the biggest anti-spam challenges, but in the first half of 2007, the percentage of image-based spam declined to the level of mid-2006, at just over 30%. X-Force says this is the first time that spam message size has decreased and is a result of spammers adopting and experimenting with newer techniques, such as PDF- and Excel-based spam to evade detection by anti-spam technologies more successfully.
Additional findings include:
* The US, Poland and Russia are the three largest originators of spam worldwide, with the US accounting for one eighth of worldwide spam.
* The US continues to lead the world as the final web destination for products promoted through spam e-mail messages. The US hosts more than one-third of spam-related web sites.
* Europe now accounts for the largest source of phishing e-mail, with Spain taking South Korea’s place and accounting for 17.9% of the worldwide volume alone.
* Almost half of all fraudulent phishing web sites are hosted within the US.
X-Force has found that "unwanted" content decreased to 10% in the first half of 2007, which is down from 12.5% in 2006. The US continues to be the top hosting country for "unwanted" content such as violence and crime, pornography and sex, computer crime and illegal drugs. This continues to mirror the observations from 2006.Web sites that host pornographic or sex-related content account for 9.9% of the Internet.
"Going into 2008, X-Force predicts a lack of exponential growth in vulnerabilities disclosed, a continued growth of targeted and boutique malware such as Trojans and a continued rise in obfuscation techniques for web-based threats," says Van Rensburg.