Cybercriminals are adopting new strategies that allow them to exploit vulnerabilities in a faster and more effective way than that obtained so far, warn experts at IBM X-Force.
The X-Force 2008 Midyear Trend Statistics report indicates that 94 percent of all exploits to browsers they happen in the first 24 hours after errors are detected, that is, at a time when most users don’t even know they are exposed to attacks.
The plug-ins are another target of attack by hackers. In the first half of this year, these applications became one of the users’ preferred ports of entry for cybercriminals. Of the total exploits registered in the first six months of the year, 78 percent were directed to plug-ins.
IBM also notes that in the first half of the year, it was observed that isolated attacks are evolving into large-scale automated attacks and that more than half of the vulnerabilities discovered are related to applications web-server.
With regard to unsolicited e-mail, analyzes show that spam attacks by images, attachments or other forms of spread are decreasing and that the trend is now spam by URL embedded in the body of the message, as it happened initially. Now, almost 90 percent of the spam is distributed in this way.
According to the report, Russia remains the point of origin for most of the spam in circulation (11 percent), followed by Turkey (8 percent) and the United States (7.1 percent).
It should also be noted that players online have become a strong target of security threats. The popularity that these communities have achieved on the Internet has captivated hackers and currently the four Trojans most used for theft of passwords is intended for gaming sites.
Finally, IBM’s X-Force concludes that financial entities remain the primary targets of the phishing and that the importance of secure virtualization has been increasing, as threats to vulnerabilities related to this technology have tripled since 2006.
2008-07-17 – 96.5% of emails outstanding spam
2008-06-17 – Spam in circulation has doubled in the last 4 years