IBM said it found surprising improvements in Internet security such as a reduction in application security vulnerabilities, exploit code and spam, but it also noted that those improvements come with a price: Attackers have been forced to rethink their tactics.
IBM's security group, X-Force, released its 2011 Trend and Risk Report which surveys some 4,000 customers, and the report showed the following:
• Spam out: a 50% decline in spam email compared to 2010.
• Better patching: Only 36% of software vulnerabilities remaining unpatched in 2011 compared to 43% in 2010. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years.
• Higher quality of software application code: Web-application vulnerabilities called cross-site scripting (XSS) are half as likely to exist in clients' software as they were four years ago, IBM stated. However, XSS vulnerabilities still appear in about 40% of the applications IBM scans.
• Fewer exploits: When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30% fewer exploits were released in 2011 than were seen on average over the past four years.
Of course there is a dark side. These are new security problem trends IBM reported:
• Shell command injection vulnerabilities more than doubled: For years, SQL injection attacks against Web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities -- the number of SQL injection vulnerabilities in publicly maintained Web applications dropped by 46% in 2011-- some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a Web server. Shell command injection attacks rose by two to three times over the course of 2011.
• Automated password guessing: Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the 'Net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers in the latter half of 2011.
• Increase in phishing attacks that impersonate social networking sites and mail parcel services: The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven't been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to Web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.
• Publicly released mobile exploits up 19% in 2011: This year's IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of "bring your own device," or BYOD, in the enterprise. IBM X-Force reported a 19% increase over the prior year in the number of exploits publicly released that can be used to target mobile devices.
• Cloud computing presents new challenges: In 2011, there were many high-profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data, IBM said. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs, IBM stated.
Follow Michael Cooney on Twitter: @nwwlayer8 and on Facebook.
Read more about wide area network in Network World's Wide Area Network section.
This story, "IBM: Internet Security Better, Exploits Worse" was originally published by Network World.