IBM (NYSE: IBM) today released the results of its X-Force 2011 Trend and Risk Report, which shows surprising improvements in several areas of Internet security such as a reduction in application security vulnerabilities, exploit code and spam.
As a result, the report suggests attackers today are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.
Announced today, March 22, the X-Force 2011 Trend and Risk Report revealed a 50 percent decline in spam email compared to 2010; more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010; and higher quality of software application code, as seen in web-application vulnerabilities called cross site scripting half as likely to exist in clients’ software as they were four years ago.
In light of these improvements, the report says, it seems attackers are adapting their techniques. It uncovers a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks.
An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.
The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011, says IBM.
“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force.
“In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”
According to the report, there are positive trends as it appears companies implemented better security practices in 2011.