Security threats on the Internet, including a 508 percent increase in the number of malicious Web links, have created "an unprecedented state of Web insecurity," according to a report from IBM.
The X-Force 2009 Mid-Year Trend and Risk Report, issued Wednesday, said that security threats to Web surfers are no longer limited to "malicious domains or untrusted Web sites" and now include dangerous content on legitimate Internet sites. The result is "an unprecedented state of Web insecurity as Web client, server and content threats converge to create an untenable risk landscape," according to the report.
"The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West, where no one is to be trusted," said X-Force director Kris Lamb, in a statement about the report. "There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk."
The study said there has been a 508 percent increase in the number of new malicious Web links discovered in the first half of the year compared to the same period in 2008. But, more ominously, the report said there has been an increase in malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites.
There has been "a significant rise in Web application attacks with the intent to steal and manipulate data and take command and control of infected computers," the report said. A common method is SQL injection, in which criminals inject malicious code into legitimate Web sites; that code then infects visitors to those sites. The report said the number of SQL injection attacks rose 50 percent from the fourth quarter of 2008 to this year's first quarter, and then nearly doubled again from the first quarter to the second.
The level of veiled Web exploits, particularly in PDF files, "are at an all-time high," the report said, indicating the increased sophistication of attackers. The number of PDF vulnerabilities in the first half of this year surpassed the total for all of 2008, the report said.
Trojans accounted for 55 percent of all new malware, a nine percent increase from the first half of 2008. Information-stealing Trojans are the most prevalent malware category, the report said.
The report did have some good news, however. Phishing incidents have "decreased dramatically," probably because banking Trojans are becoming the preferred means of launching attacks toward financial targets. In the first half of the year 66 percent of all phishing was targeted at the financial industry, down from 90 percent last year.
The report also concluded that the number of software vulnerabilities might have reached a plateau, an indication that software vendors are improving their development quality control. There were 3,240 new vulnerabilities discovered in the first half of 2009, the report said, down 8 percent from the first half of 2008. But nearly half (49 percent) of all discovered vulnerabilities had no vendor-supplied patch by the end of the period, according to the report.
