New report analyzes and explores latest security threats and trends
Marcel Santilli 270002FABM firstname.lastname@example.org | | Tags:  attackers ibm_security hackers data ibm java ibm-security ibm_mobile vulnerabilities xforce research report x-force ibmxforce ibm-mobile ibmmobile ddos ibm-xforce security information-security mobile security-intelligence ibmsecurity it
0 Comments | 6,918 Visits
NEW! IBM X-Force 2012 Annual Trend and Risk Report
Twice a year since the late 1990s, IBM’s X-Force Research and Development team releases a trend and risk report including content collected from dozens of thought leaders across the company. Its findings, analyses and predictions come from working with our thousands of clients and leveraging vast database resources of publicly disclosed security vulnerabilities, IP reputations, and details behind historical spam and phishing attacks. The report amounts to required reading for security professionals charged with safeguarding your company’s intellectual property, corporate data and private customer data.
It’s difficult to summarize all the important content in a single statement; nevertheless, we noticed what we believed to be a central theme associated with achieving the maximum impact by expending the least possible effort. Many of the targets selected were broad in nature, and the tools and techniques used in the attacks amounted to off-the-shelf technology. No need to go to extreme measures when login credentials could easily be compromised on users quickly duped into clicking on bad links or opening malicious code sent via email attachments.
For example, we examined the role of web browser exploit kits and how quickly they appeared after the vulnerabilities were identified. More exploit kits were readily available in 2012, and the primary driver was the Java Content Management System—especially for its add-ons. Despite the availability of patches, attackers took advantage of the infrequency of organizational and individual patch applications to great success. Java also had the unique appeal of being a cross platform and multi-browser attack opportunity.
We also saw increasing sophistication in Denial of Service (DDoS) attacks and the continued effectiveness of SQL Injection and Cross-site scripting approaches leading us to conclude that 2012 was a year where attackers achieved a higher return on their exploit development efforts. Find out more about these important issues by downloading a copy of the IBM X-Force 2012 Annual Trend and Risk Report today.
Follow IBM Security on Twitter for the latest news.