There is good news and bad news in this year’s X-Force 2010 Trend and Risk Report from IBM. The good news is that it seems that spam and phishing attacks are leveling off. Also, mobile devices have not been compromised in any big way, yet. The bad news is that IT security threats are getting increasingly sophisticated and targeted.
Based on intelligence gathered through research of public vulnerability disclosures and the monitoring and analysis of more than 150,000 security events per second during every day of 2010, the IBM X-Force Research team finds that more than 8,000 new IT security vulnerabilities were documented, a 27 percent rise from 2009. Public exploit releases were also up 21 percent from 2009 to 2010. This data points to an expanding threat landscape in which sophisticated attacks are being launched against increasingly complex computing environments.
There seems to be a declining interest in spamming
IBM reports that the historically high growth in spam volume leveled off by the end of 2010. This indicates that spammers may be seeing less value from increasing the volume of spam, and instead are focused on making sure it bypasses filters. Spam volumes peaked and then leveled off: in 2010, spam volumes increased dramatically, reaching their highest levels in history. However, the growth in volume leveled off by the end of the year. In fact, by year’s end, spammers seemed to go on vacation, with traffic volumes declining 70 percent just before Christmas and returning early in the new year.
There were significantly fewer mass phishing attacks relative to previous years, but there has been a rise in more targeted attack techniques
Although phishing attacks still occurred, the peak volume of phishing emails in 2010 was less than a quarter of the peak volumes in the previous two years. This may indicate a shift toward other, more profitable, attack methodologies such as botnets and ATM skimming. Despite this decline, “spear phishing,” a more targeted attack technique, grew in importance in 2010, as meticulously crafted emails with malicious attachments or links became one of the hallmarks of sophisticated attacks launched against enterprise networks. 2010 saw some of the most high-profile, targeted attacks that the industry has ever witnessed. For example, the Stuxnet worm demonstrated that the risk of attacks against highly specialized industrial control systems is not just theoretical.
These types of attacks are indicative of the high level of organization and funding behind computer espionage and sabotage that continues to threaten a widening variety of public and private networks.
Trojan botnet activity increased during 2010
This growth is significant because, despite increasingly coordinated efforts to shut down botnet activity, this threat appeared to be gaining momentum. However, IBM X-Force’s data did illustrate the dramatic impact of a successful effort in early 2010 to shut down the Waledac botnet, which resulted in an instantaneous drop-off in observed command and control traffic. On the other hand, the Zeus botnet continued to evolve and constituted a significant portion of the botnet activity detected by IBM X-Force in 2010. Due to its extreme popularity with attackers, there are hundreds, or even thousands, of separate Zeus botnets active at any given time. The Zeus botnet malware is commonly used by attackers to steal banking information from infected computers.
Smartphones are still safe, but for how long?
In 2010, IBM X-Force documented increases in the volume of vulnerabilities disclosed in mobile devices as well as the disclosure of exploits that target them. The desire to “jailbreak” or “root” mobile devices has motivated the distribution of mature exploit code that has been reused in malicious attacks. However, overall, IBM X-Force concludes, attacks against the latest generation of mobile devices were not yet widely prevalent in 2010. Still, growing end user adoption of smartphones and other mobile devices is creating plenty more work for IT security departments, which are struggling to bring these devices safely into corporate networks. According to the report, best practices for mobile security are evolving with enhanced password management and data encryption capabilities.
Market will drive more cloud security
The IBM report also tackled the security issues posed by cloud computing for the first time. The report highlighted a shift in perception about cloud security, still considered an inhibitor to adoption. Cloud providers must earn their customers’ trust by “providing an infrastructure that is secure by design with purpose-built security capabilities that meet the needs of the specific applications moving into the cloud. As more sensitive workloads move into the cloud, the security capabilities will become more sophisticated.”
Over time, the report says, the market will drive the cloud to provide access to security capabilities and expertise that are more cost-effective than in-house implementations. This may turn questions about cloud security on their head by making an interest in better security a driver for cloud adoption, rather than an inhibitor.