View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
February 24, 2010

Phishing, document-related threats on the rise: IBM

New malicious web links up 345% on year ago

By CBR Staff Writer

New vulnerabilities decreased in 2009, but the vulnerability disclosures for document readers and editors and multimedia applications rose by 50%, compared to 2008, according to an annual X-Force Trend and Risk Report from IBM.

Overall 6,601 new vulnerabilities were discovered in 2009, an 11% decrease over 2008, indicating declines in the largest categories of vulnerabilities such as SQL Injection, in which criminals inject malicious code into legitimate web sites.

According to the report, attackers were successful at both the hosting of malicious web pages and that web browser-related vulnerabilities with new malicious web links rising by 345% compared to 2008. 49% of all vulnerabilities are related to web applications, with cross-site scripting disclosures surpassing SQL injection to take the top spot. 67% of web application vulnerabilities had no patch available at the end of 2009.

Attacks on the web using obfuscation has increased significantly while phishing rates dipped mid-year but rose dramatically in the last half of 2009. Brazil, USA and Russia were the countries where most malicious attacks originated, supplanting Spain, Italy and South Korea at the top in the 2008 report, IBM said.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

By industry, 61% of phishing emails purport to be sent by financial institutions, whereas 20% purport to come from government organisations.

Tom Cross, manager of IBM X-Force Research, said: Despite the ever-changing threat landscape, this report indicates that overall, vendors are doing a better job responding to security vulnerabilities. However, attackers have clearly not been deterred, as the use of malicious exploit code in Web sites is expanding at a dramatic rate.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.