|
Web Browser Attacks on the up |
|
|
|
Written by CB Team
|
|
Tuesday, 12 February 2008 |
 An organized criminal network is behind a staggering rise in the sophistication of attacks on computers worldwide, according to a new security report from IBM's X-Force security team.
The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities.
Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software.
In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007, and reached nearly 100 percent by the end of the year. The X-Force believes the criminal element will contribute to a proliferation of attacks in 2008.
Using these techniques, cybercriminals can infiltrate a user's system and steal their IDs and passwords or obtain personal information like National Identification numbers, Social Security numbers and credit card information.
When attackers invade an enterprise machine, they could steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.
"Never before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on users' experiences," said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems. "The Storm Worm provides a microcosm of the kinds of threats users faced in 2007. All in all, the exploits used to spread Storm Worm are a blend of the various threats tracked by X-Force, including spam, phishing and drive-by-downloads by way of Web browser exploitation."
In other findings, for the first time ever, the size of spam emails decreased sharply to pre-2005 levels. X-Force believes the decrease is linked to the drop off of image-based spam. This decrease can be counted as a win for the security industry -- as anti-spam technologies became more efficient at detecting image-based spam, spammers were forced to turn to new techniques.
The X-Force has been cataloguing, analyzing and researching vulnerability disclosures since 1997. With more than 33,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world.
IBM
 |
|
Last Updated ( Tuesday, 12 February 2008 )
|
Subscribe to this comment's feed
Show/Hide comments
Show/Hide comment form
