Nyheter

Den ferske IBM X-Force Security Report 2007 viser at angrep gjennom nettlesere blir stadig mer avanserte. Organiserte nettkriminelle stjeler identiteter fra forbrukere i større grad enn noen gang.

En sammensatt og avansert kriminell økonomi jobber for å tjene penger på sårbarheter i nettlesere, ifølge rapporten. Kriminelle forhandlere selger verktøy som skjuler angrep på nettlesere, og gjør det vanskelig å spore angrepet.

I 2006 forsøkte bare noen få prosent av angriperne å kamuflere sin identitet. Ved slutten av 2007 var dette steget med 80 prosent, til nesten 100. X-Force mener dette kan bety tusenvis av ekstra angrep i 2008.

Aldri før har X-Force rapporten vist så aggressive tall for nettangrep. Selv om sikkerhetsprogramvare og sikkerhetssystemer blir stadig bedre, tilpasser nettkriminelle sine arbeidsmetoder og fortsetter angrepene.

Andre funn fra rapporten:

• Spredning av ondsinnet kode steg med 30 prosent. Det såkalte "Storm Worm"-angrepet sto for 13 prosent av dette, og sprer seg fortsatt.
• Spam-e-post sank til 2005-nivå.
• Kritiske sårbarheter økte med 28 prosent
• Det totale antall sårbarheter sank for første gang på ti år i 2007
• Kun 50 prosent av sårbarhetene rapportert i fjor kan repareres ved oppdateringer fra leverandørene
• Nærmere 90 prosent av sårbarhetene kan utnyttes av utenforstående.

X-Force har kartlagt, analysert og forsket på sårbarheter siden 1997. De har den største sårbarhetsdatabasen i verden, med 33.000 registrerte sårbarheter.

Les mer i vedlagt rapport og pressemelding.

IBM X-Force Security Report: Web Browsers Under Siege from Organized Crime
ARMONK, NY – February 12, 2007 – IBM (NYSE: IBM) today released the findings of the 2007 X-Force Security report, detailing a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cybercriminals are now stealing the identities of consumers at a rate never before seen on the Internet.

The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80% during the first half of 2007, and reached nearly 100% by the end of the year. The X-Force believes the criminal element could contribute to thousands of additional attacks in 2008.

“Never before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on users’ experiences,” said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems. “The Storm Worm provides a microcosm of the kinds of threats users faced in 2007. All in all, the exploits used to spread Storm Worm are a blend of the various threats tracked by X-Force, including spam, phishing and drive-by-downloads by way of Web browser exploitation.”

The Storm Worm, the most pervasive Internet attack last year, continues to infect computers around the world through a culmination of the threats the X-Force tracks, including malicious software (malware), spam and phishing. Last year, delivery of malware was at an all time high, as X-Force reported a 30% rise in the number of malcode samples identified. The Storm Worm comprised around 13% of the entire malcode set collected in 2007.

In other findings, for the first time ever, the size of spam emails decreased sharply to pre-2005 levels. X-Force believes the decrease is linked to the drop off of image-based spam. This decrease can be counted as a win for the security industry - as anti-spam technologies became more efficient at detecting image-based spam, spammers were forced to turn to new techniques.

The X-Force has been cataloguing, analyzing and researching vulnerability disclosures since 1997. With more than 33,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.

The new X-Force report from IBM also reveals that:

• The number of critical computer security vulnerabilities disclosed increased by 28%, a substantial upswing from years past.
• The overall number of vulnerabilities reported for the year went down for the first time in ten years.
• Out of all the vulnerabilities disclosed last year, only 50% can be corrected through vendor patches.
• Nearly 90% of 2007 disclosed vulnerabilities are remotely exploitable.

IBM is the world's leading provider of risk and security solutions. Clients around the world partner with IBM to help reduce the complexities of security and strategically manage risk. No other company can provide the experience and range of risk and security solutions as IBM - from dedicated research, software, hardware, services and global business partner value - to help clients secure their business operations and implement company-wide, integrated risk management programs.

For more security trends and predictions from IBM, including graphical representations of security statistics, please access the full "2007 X-Force Trends Statistics" at: [insert link]

About IBM

For more information about IBM, visit
www.ibm.com