Web insecurity. That's the two-word summary of IBM's X-Force 2009 Mid-Year Trend and Risk Report. Big Blue released its latest survey Wednesday with some troubling news: Web client, server  and content threats are converging to create an untenable risk landscape.
IBM recorded a 508 percent increase in the number of new malicious Web links discovered in the first half of 2009 -- and the problem is no longer limited to malicious domains or untrusted Web sites. The X-Force report points to an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines, and mainstream news sites. The consequence for victims is attackers gaining access to private data .
The X-Force report also discovered evidence that suggests attackers are getting more sophisticated. Veiled Web exploits, especially PDF files, are at an all-time high. PDF vulnerabilities disclosed in the first half of 2009 surpassed findings from all of 2008. From the first quarter to the second quarter alone, the number of suspicious, obfuscated or concealed content monitored by the IBM ISS Managed Security Services team nearly doubled.
Safe Browsing Extinct
"The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted," said X-Force Director Kris Lamb. "There is no such thing as safe browsing today and it is no longer the case that only the red-light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."
Web security is no longer just a browser or client-side issue, according to IBM. Criminals are also leveraging insecure Web applications to target users of legitimate Web sites. The X-Force report discovered a sharp increase in Web-application attacks aimed at stealing and manipulating data and taking control of infected computers. SQL-injection attacks rose 50 percent from the fourth quarter 2008 to the first quarter 2009 -- and then nearly doubled from the first quarter to the second quarter.
"Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks," Lamb said. "The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plug-ins, content and server applications dramatically increases the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web-site users." (continued...)
|
Social Media and the Customer Experience