So no sooner am I back from the IBM Pulse 2010 conference than IBM releases the results from its latest Annual X-Force Trend and Risk Report from 2009.
Hold on to your passwords, folks…we’re gonna be in for a bumpy ride!
The latest report’s findings show that existing threats like phishing and document format vulnerabilities continued to expand last year, even as clients have generally made progress in improving their overall security.
The IBM X-Force research and development team has been cataloguing, analyzing and researching vulnerability disclosures since 1997.
With more than 48,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.
The latest X-Force reveals three main threats: Malicious Web links, Phishing attacks, and document reader/editor vulnerability disclosures (most notably, PDF docs!).
The report also found that:
- New vulnerabilities have decreased but are still at record levels.
- Critical and high vulnerabilities with no patch have decreased significantly year-over-year in several key product categories.
- Vulnerability disclosures for document readers and editors and multimedia applications are climbing dramatically.
- New malicious Web links have skyrocketed globally.
- Web application vulnerabilities continue to be the largest category of security disclosures.
- Attacks on the Web using obfuscation increased significantly.
- Phishing rates dipped mid-year but rose dramatically in the last half of 2009.
- Phishing still takes advantage of the financial industry to target consumers.
“Despite the ever-changing threat landscape, this report indicates that overall, vendors are doing a better job responding to security vulnerabilities,” said Tom Cross, manager of IBM X-Force Research. “However, attackers have clearly not been deterred, as the use of malicious exploit code in Web sites is expanding at a dramatic rate.”
General manager for IBM’s Tivoli group also chimed in on the report, and more importantly, how IBM could help.
“IBM continues to invest in strategic research like this report to create value for our clients and the security industry,” said Zollar. “With insight from our X-Force research team, our professional and managed services offerings, and our software, we can help enable the most secure IT infrastructure while meeting clients’ risk, governance and compliance requirements.”
You can register to download the full report here.