Security gurus see even harsher browser attacks for '07

January 31, 2007

Another year, another round of sneaky online attacks. IBM security experts anticipate 2007 will see more sophisticated profit-motivated cyber attacks, including more focus on Web browsers as well as advances in image-based spam.

Their findings – part of IBM’s 2006 security statistics report – also noted that, on average, each day of 2006 brought 20 new vulnerabilities. More than 88 percent of 2006 vulnerabilities could be exploited remotely and more than half allowed attackers to gain access to a machine.

“While these numbers seem grim upon initial review, the good news is our research indicates a drop in the percentage of high-impact vulnerabilities since last year,” said Gunter Ollmann, director of security strategy for IBM Internet Security Systems. “In 2005, high-impact vulnerabilities accounted for about 28 percent of total vulnerabilities, while they only accounted for 18 percent in 2006. The security industry has made great progress over the last year, but despite promising statistics such as this one, we predict that 2007 will require even higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack.”

Perhaps even more frightening, cyber villains have made selling malware a cottage industry, modeled on corporate-style distribution. Rogue dealers buy exploitive software from underground programmers, encrypt it (ironically to protect it from piracy) and sell it to spam distributors.

Source: IBM