IBM issues cyber-security warning

IBM has issued a rather dramatic cyber security warning alongside its mid-year X-Force Trend and Risk Report.

According to Big Blue, vulnerability disclosures are increasing dramatically and reached “record levels” during the first half of 2010.

Indeed, 4,396 new vulnerabilities were documented by the X-Force Research team, indicating a 36 percent increase over the same time period last year.

In addition, web application vulnerabilities continued to be a leading security threat, while malware hidden in JavaScript and Portable Document Formats (PDFs) became more sophisticated and harder to detect. 

“Enterprises are fighting increasingly sophisticated attacks on their computer networks, including Advanced Persistent Threats. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools,” confirmed IBM spokesperson Steve Robinson.

“[And] JavaScript obfuscation is a particularly popular technique used by all classes of computer criminals to hide their exploits within document files and Web pages…[We] detected a 52 percent increase in obfuscated attacks during the first half of 2010 versus the same period in 2009.”

Robinson added that PDF exploits had continued to “soar,” as attackers successfully tricked gullible users in new ways.

“[But] the most significant jump associated with PDF attacks in 2010 occurred in April, when IBM detected almost 37 percent more attack activity than the average for the first half of 2010.

“This spike coincided with a widespread spam campaign in which malicious PDF attachments were used to spread the Zeus and Pushdo botnets, some of the most insidious threats on the Internet today.”

The full report can be accessed here.