IBM_logo_2009.jpg
For enterprises that border on the complacent when it comes to security, the latest report from IBM (news, site) which shows document format vulnerabilities and related attacks are soaring --  particularly with PDFs -- might act as a wake-up call.

The bi-annual IBM X-Force Trend and Risk report shows that the level of phishing and document attacks is rising dramatically, with phishing, malicious web links and document vulnerabilities the main way in which hackers hack your information.

Data, Money Main Targets

And while financial gain is the principal objective of such attacks, increasingly, the report finds, hackers are also looking to steal data from individuals and enterprises.

However, vendors are responding and even doing better than they have in the past, but vulnerabilities are still at record high levels despite a decrease of 11% between 2008 and 2009.

Despite the ever-changing threat landscape . . . vendors are doing a better job responding to security vulnerabilities. However, attackers have clearly not been deterred, as the use of malicious exploit code in Web sites is expanding at a dramatic rate," said Tom Cross, manager of IBM X-Force Research.

Web-Related Vulnerabilities

IBM has been publishing the report since 1997 when it started researching and identifying vulnerabilities with 48,000 cataloged to date. This year’s report is no different than other years in that some of the findings should make many enterprises very nervous.

IBM defines vulnerabilities as any computer-related vulnerability, exposure or configuration setting that may result in a weakening or breakdown of the confidentiality, integrity or accessibility of the computing system. Threat levels are classified using the Common Vulnerability Scoring .

Findings this year include:

  • There were 6601 vulnerabilities identified last year including SQL Injections (injecting malicious code into websites and ActiveX) down 11% on the previous year.
  • Forty-nine percent of all vulnerabilities are web related with no patch available for 67% of vulnerabilities.
  • Vulnerabilities with document editors and web browsers with no patch have decreased.
  • Vulnerabilities for document editors and readers has risen by 50% from 2008.
  • Malicious web links have risen by 345% on 2008.
  • Phishing attacks rocketed in the second half of 2009 with the USA, Russia and Brazil accounting for the origins of most malicious attacks.
  • By industry, 61 percent of phishing emails purport to be sent by financial institutions, whereas 20 percent purport to come from government organizations.

And there are many other findings that companies need to take note of. What does come across though is that most of the vulnerabilities can be fixed if the right action is taken.

If you’re interested in more, you can download this and previous reports through the IBM security website, but you will need to register.