Software security vulnerabilities continue to rise

IBM is releasing a report announcing the highlights of its security statistics study, which describes key security findings for 2006 and predicts the nature of Internet threats expected to emerge in 2007.

Based on early indicators, IBM anticipates a continued rise in the sophistication of profit-motivated cyber attacks, including an increased focus on the Web browser and advances in image-based spam.

According to the report, which was developed by the IBM Internet Security Systems (ISS) X-Force research and development team, there were 7,247 new vulnerabilities recorded and analyzed by the X-Force in 2006, which equates to an average of 20 new vulnerabilities per day. This total represents a nearly 40 per cent increase over what ISS reported in 2005. More than 88 per cent of 2006 vulnerabilities could be exploited remotely, and over 50 per cent allowed attackers to gain access to a machine after exploitation.

Attacks on Web browsers are expected to continue rising in 2007, partially as a result of the newly-created “exploits as a service” industry. The sale of exploit material is becoming even more organized and is increasingly taking the shape of the channel sales model used by legitimate corporate entities. Managed exploit providers are purchasing exploit code from the underground, encrypting it so that it cannot be pirated, and selling it for top dollar to spam distributors. The organized development and sale of encrypted exploit code will make signature-based protection even less effective in 2007.

In terms of spam, X-Force predicts a continued sophistication of image-based spam techniques. In 2007, new forms of image-based spam will likely be developed to evade protection solutions that have been created to combat early forms of image-based spam seen in the wild.

X-Force has been cataloguing, analyzing and researching vulnerability disclosures since 1997. With more than 30,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world.

Comment: cdnedit@itbusiness.ca

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

CDN Staff
CDN Staffhttps://channeldailynews.com
For over 25 years, CDN has been the voice of the IT channel community in Canada. Today through our digital magazine, e-mail newsletter, video reports, events and social media platforms, we provide channel partners with the information they need to grow their business.

Related Tech News

CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.