Vulnerabilities / Threats

8/25/2010
02:05 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

IBM Report: Stealthy Attacks, Vulnerability Disclosures Rise

X-Force report says 35 percent of vulnerabilities affecting virtualization servers also affect the hypervisor

Covert and obfuscated attacks on organizations have increased by more than 50 percent in the past year worldwide, according to newly released report by IBM's X-Force research team.

The new IBM X-Force 2010 Mid-Year Trend and Risk Report also found that the total number of new vulnerabilities disclosed had increased 36 percent over the same period last year, to 4,396 for the first half of '10. And 55 percent of these bugs had not been fixed by the end of the first half.

"We knew this was coming for a few months before we put the data together, but it was still a surprise to us in some respects. Last year, we saw an 11 percent decrease in vulnerability disclosure," says Tom Cross, manager of XForce Research. "If you had asked me a year ago, I would not have expected this volume of disclosure."

The leap in the number of exposed flaws is both good news and bad news. "It means we're doing a lot more work to catalog them ... in some respects, applications are more secure because we are getting these vulns out in the open and getting patches out there. It's a process," Cross says.

Meanwhile, organizations around the globe are facing more hidden attacks -- these attacks rose 52 percent in the first half of 2010 versus the same period in '09 -- where the attackers hide their malicious code behind JavaScript, as well as PDF files to avoid detection, according to IBM. This category includes the infamous advanced persistent threats or APTs, which try to remain in a network undetected as long as possible to steal information.

"We're seeing people struggling with the constantly increasing sophistication of attacks," IBM's Cross says. "A lot of these attacks are obfuscated."

PDFs can also be obfuscated as well, he says. And there was a 37 percent increase in PDF-borne exploits in April of this year than the average for the first half of 2010, according to the report, mostly due to a major spam run that used PDFs to push Zeus and Pushdo bots.

The report also confirmed worries about mixing apps and operations within a virtualized server that require different levels of security: 35 percent of the vulnerabilities that affect virtualization servers also affect the hypervisor. So if an attacker wrests control of one virtual machine on a server, he or she may be able to hack into other more secure virtual systems on the same server, according to the report.

"You shouldn't be tying in different domains with different security requirements on the same physical hardware," Cross says. "A hypervisor is a piece of software, and it can have vulnerabilities like other pieces of software."

Not surprisingly, Web application vulnerabilities led the vulnerability disclosure list, making up 55 percent of all disclosures, with the number at anywhere from 3,000 to 4,000 finds per year. That number doesn't include custom Web apps, according to the report, so it's likely an even larger number. Cross-site scripting (XSS) and SQL injection were at the top of the list.

A copy of the full report from IBM X-Force is available for download here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff 3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.