Hey Frenzzz...
IBM today released its semi-annual report of the traditional X-Force, covering the period of the second half of 2011. The main conclusion of the report is to ensure that hackers attack the smaller, but much more accurate. If in the past year, attacks were massive, but now they are the target and in some cases, they are generally focused on a group of users or a specific user. The authors say that in general, attackers are now reconsidering their strategy, shifting to a more niche attacks, using the trend of technology, such as social networking or mobile device.
IBM states that during the past two years, the amount of spam in absolute values halved, while hackers have to follow the holes in the software and identify themselves, to use them at lightning speed. The soil is very fertile for this: among all the tested applications, IBM more than a third contained a potential vulnerability. However, a year earlier the figure was even higher - 43%.
According to the report of a sharp increase in complex phishing attacks designed for business users of any industry, such as the public sector or the petroleum industry. Also, experts say a significant increase in the activity of automated hacking tools involved in finding holes in the server or client computers.
The report says that during the review period, the number of circulating in the network exploits reduced by about one-third, while at the minimum for the last 4 years level. The number of unpatched vulnerabilities, security-related software is also reduced, although still in the 36% rate, many experts say are too high.
Another trend was the fall of 2011 the number of XSS-vulnerability that is associated with a noticeable increase in the quality of web applications. This can partly be explained by the fact that many of the CMS-system, which have traditionally been the vulnerability of this type are equipped with systems to scan for cross-skriptingovye bugs.
At the same time, IBM said that for the year almost doubling the number of attacks on the database associated with the injection of malicious code. Publicly announced the number of programs affected by SQL-injection, was reduced by 46%, but the activity of both automated and "manual" attacks more than doubled.
The full report is available here: http://www-03.ibm.com/security/xforce/
IBM today released its semi-annual report of the traditional X-Force, covering the period of the second half of 2011. The main conclusion of the report is to ensure that hackers attack the smaller, but much more accurate. If in the past year, attacks were massive, but now they are the target and in some cases, they are generally focused on a group of users or a specific user. The authors say that in general, attackers are now reconsidering their strategy, shifting to a more niche attacks, using the trend of technology, such as social networking or mobile device.
IBM states that during the past two years, the amount of spam in absolute values halved, while hackers have to follow the holes in the software and identify themselves, to use them at lightning speed. The soil is very fertile for this: among all the tested applications, IBM more than a third contained a potential vulnerability. However, a year earlier the figure was even higher - 43%.
According to the report of a sharp increase in complex phishing attacks designed for business users of any industry, such as the public sector or the petroleum industry. Also, experts say a significant increase in the activity of automated hacking tools involved in finding holes in the server or client computers.
The report says that during the review period, the number of circulating in the network exploits reduced by about one-third, while at the minimum for the last 4 years level. The number of unpatched vulnerabilities, security-related software is also reduced, although still in the 36% rate, many experts say are too high.
Another trend was the fall of 2011 the number of XSS-vulnerability that is associated with a noticeable increase in the quality of web applications. This can partly be explained by the fact that many of the CMS-system, which have traditionally been the vulnerability of this type are equipped with systems to scan for cross-skriptingovye bugs.
At the same time, IBM said that for the year almost doubling the number of attacks on the database associated with the injection of malicious code. Publicly announced the number of programs affected by SQL-injection, was reduced by 46%, but the activity of both automated and "manual" attacks more than doubled.
The full report is available here: http://www-03.ibm.com/security/xforce/
0 comments:
Post a Comment