Asia's Source for Enterprise Network Knowledge

Thursday, April 24th, 2014

IT and business management and issues

Attacks rethinking exploit tactics, IBM says

IBM said it found surprising improvements in Internet security such as a reduction in application security vulnerabilities, exploit code and spam, but it also noted that those improvements come with a price: Attackers have been forced to rethink their tactics.

IBM's security group, X-Force, released its 2011 Trend and Risk Report which surveys some 4,000 customers, and the report showed the following:

• Spam out: a 50% decline in spam email compared to 2010.

• Better patching: Only 36% of software vulnerabilities remaining unpatched in 2011 compared to 43% in 2010. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years. 

• Higher quality of software application code: Web-application vulnerabilities called cross-site scripting (XSS) are half as likely to exist in clients' software as they were four years ago, IBM stated. However, XSS vulnerabilities still appear in about 40% of the applications IBM scans.

• Fewer exploits: When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30% fewer exploits were released in 2011 than were seen on average over the past four years.

Of course there is a dark side. These are new security problem trends IBM reported:

• Shell command injection vulnerabilities more than doubled: For years, SQL injection attacks against Web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities -- the number of SQL injection vulnerabilities in publicly maintained Web applications dropped by 46% in 2011-- some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a Web server. Shell command injection attacks rose by two to three times over the course of 2011.