Security improvements within enterprise IT forcing hackers to adapt

by CXOtoday Staff    Mar 23, 2012

There has been progress in the fight against attacks due to the improvement in the quality of software. However, hackers are rethinking their tactics by targeting more niche IT loopholes, says IBM.

As several areas of Internet security continue to improve, hackers are adapting to newer techniques for attacks, says a report released by IBM.

The IBM X-Force 2011 Trend and Risk Report reveals a reduction in application security vulnerabilities, exploit code and spam.

The report said that there was a 50 percent decline in spam email compared to 2010; more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010; and higher quality of software application code, as seen in cross-site scripting, a class of web-application vulnerability, being half as likely to exist in clients’ software as it was four years ago.

These improvements have forced hackers to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.

The report uncovers a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks. An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.

“In 2011, we have seen good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, Manager of Threat Intelligence and Strategy for IBM X-Force. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”

The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by research of public vulnerability disclosures, findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.

Emerging technologies create new avenues for attacks

New technologies such as mobile and cloud computing continue to create challenges for enterprise security, the report found.

The IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of Bring Your Own Device, or BYOD, in the enterprise. The study reported a 19 percent increase over the prior year in the number of publicly released exploits that can be used to target mobile devices.

Another area that has become the target of hacker activity is social media platforms. The study observed a surge in phishing emails impersonating social media sites.

Cloud computing is another emerging technology that will create new avenues for attacks, IBM said. The report said that as cloud computing moves rapidly from emerging to mainstream technology, the most effective means for managing security in the model may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service.