A complex and sophisticated criminal economy has developed to capitalise on Web vulnerabilities
(19/02/2008)

According to IBM's 2007 X-Force Security report, the sophistication of attacks by criminals on Web browsers worldwide is in dramatic increase. By attacking the browsers of computer users, cybercriminals are now stealing the identities and controlling the computers of consumers at a rate never before seen on the Internet.

The study finds that a complex and sophisticated criminal economy has developed to capitalise on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software.

In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007, and reached nearly 100 percent by the end of the year. The X-Force believes the criminal element will contribute to a proliferation of attacks in 2008.

Using these techniques, cybercriminals can infiltrate a user's system and steal their IDs and passwords or obtain personal information like National Identification numbers, Social Security numbers and credit card information. When attackers invade an enterprise machine, they could steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.

“Never before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on users’ experiences,” said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems.

“The Storm Worm provides a microcosm of the kinds of threats users faced in 2007. All in all, the exploits used to spread Storm Worm are a blend of the various threats tracked by X-Force, including spam, phishing and drive-by-downloads by way of Web browser exploitation.”

The Storm Worm, the most pervasive Internet attack last year, continues to infect computers around the world through a culmination of the threats the X-Force tracks, including malicious software (malware), spam and phishing. Last year, delivery of malware was at an all time high, as X-Force reported a 30 percent rise in the number of malcode samples identified. The Storm Worm comprised around 13 percent of the entire malcode set collected in 2007.

In other findings, for the first time ever, the size of spam emails decreased sharply to pre-2005 levels. X-Force believes the decrease is linked to the drop off of image-based spam. This decrease can be counted as a win for the security industry - as anti-spam technologies became more efficient at detecting image-based spam, spammers were forced to turn to new techniques.

The X-Force has been cataloguing, analysing and researching vulnerability disclosures since 1997. With more than 33,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.

The new X-Force report from IBM also reveals that:
* The number of critical computer security vulnerabilities disclosed increased by 28 percent, a substantial upswing from years past.
* The overall number of vulnerabilities reported for the year went down for the first time in 10 years.
* Out of all the vulnerabilities disclosed last year, only 50 percent can be corrected through vendor patches.
* Nearly 90 percent of 2007 disclosed vulnerabilities are remotely exploitable.