IBM report confirms rise in web-based security attacks
Reveals that more than half of all vulnerabilities analysed last year were related to web applications
The latest IBM X-Force Trend and Risk annual report has confirmed an increase in web-based attacks, with cybercriminals using legitimate corporate websites to push malware and steal confidential data.
"Cyber-criminals target businesses because they provide an easy target to launch attacks against anyone that visits the web," said Kris Lamb, global director and senior operations manager, IBM X-Force. "This is one of the oldest forms of mass attack still in existence today and there are a number of simple steps that can be taken in ensuring better security for regional businesses, it is therefore surprising that cyber-criminals are still finding fruits from their efforts."
Last year more than half of all the vulnerabilities identified were related to web applications, of which more than 75% had no patch. By the end of 2008, the volume of attacks jumped to 30 times the number initially seen that summer.
Another trend noted was the continued focus by cybercriminals on browser and ActiveX controls, with planned attacks linking to malicious videos and documents.
2009 is set to see more of the same – the X-Force team already uncovered more than 1600 security-related threats in the first quarter of the year; nearly 48% of which allowed unauthorized access to a compromised system.