Security gurus see even harsher browser attacks for '07

Jan 31, Technology


Another year, another round of sneaky online attacks. IBM security experts anticipate 2007 will see more sophisticated profit-motivated cyber attacks, including more focus on Web browsers as well as advances in image-based spam.

Their findings – part of IBM’s 2006 security statistics report – also noted that, on average, each day of 2006 brought 20 new vulnerabilities. More than 88 percent of 2006 vulnerabilities could be exploited remotely and more than half allowed attackers to gain access to a machine.

“While these numbers seem grim upon initial review, the good news is our research indicates a drop in the percentage of high-impact vulnerabilities since last year,” said Gunter Ollmann, director of security strategy for IBM Internet Security Systems. “In 2005, high-impact vulnerabilities accounted for about 28 percent of total vulnerabilities, while they only accounted for 18 percent in 2006. The security industry has made great progress over the last year, but despite promising statistics such as this one, we predict that 2007 will require even higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack.”

Perhaps even more frightening, cyber villains have made selling malware a cottage industry, modeled on corporate-style distribution. Rogue dealers buy exploitive software from underground programmers, encrypt it (ironically to protect it from piracy) and sell it to spam distributors.

Source: IBM
