IBM Report: Government, Financial Services and Manufacturing Sectors Top Targets of Security Attacks in First Half of 2005; 'Customized' Attacks Jump 50 Percent As New Phishing Threats Emerge.

ARMONK, N.Y. -- Today, IBM reported that virus-laden emails and criminal-driven security attacks increased by 50 percent in the first half of 2005 - underscored by a significant rise in 'customized' attacks on the government, financial services, manufacturing and healthcare industries. This substantial increase, along with a decrease in less profitable threats, such as spam and simple computer viruses, indicates a growth in targeted attacks against specific organizations and industries -- apparently created with the purpose of stealing critical data, identities or extorting money.

The Global Business Security Index, a worldwide barometer of security trends collected and analyzed by IBM's Global Security Intelligence team and its partners, indicates that such customized, 'for profit' attacks have been predominantly directed at government agencies, financial services companies, healthcare organizations and large multinational corporations.
According to the report, there were more than 237 million overall security attacks in the first half of the year. The government was the most targeted industry, with more than 54 million attacks, while manufacturing ranked second with 36 million attacks, financial services was third with approximately 34 million, and healthcare was hit with more than 17 million attacks - accounting for more than 137 million of all attacks this year.

IBM has seen a resurgence of targeted phishing attacks for money laundering and identity fraud purposes, believed to be largely driven by criminal gangs that have become more astute in the creation and delivery of such attacks. According to its latest Global Business Security Index, in the first half of the year, there were more than 35 million phishing attacks launched to steal critical data and personal information for financial gains. Spawns of phishing threats such as 'spear phishing' - highly targeted and coordinated attacks at a specific organization or individual designed to extract critical data - increased more than ten-fold since January of this year alone.

Unlike in previous years, when viruses were mainly created and launched to slow down and cripple IT systems, these types of 'customized' attacks have shown their potential to defraud businesses, steal identities and intellectual property and extort money, while damaging the brand and eroding customer trust. The ratio of spam to legitimate email continuously decreased over the course of the last six months, from 83 percent in January to 67 percent in June 2005, while virus-laden email increased fifty percent over the same period.

At first glance what appears to be good news - the leveling off of massive outbreaks that cripple IT environments on a regional or global basis in the past six months - seemingly indicates that hijacking computers to send spam is no longer the network disruption of choice. Hackers have turned toward more criminal and lucrative areas of directing attacks to specific individuals or organizations, often financially, competitively, politically or socially motivated.

IBM's Global Business Security Index shows that in December of 2004, one in every 52 emails was infected by some sort of malicious security threat; by January it was one in every 35 emails, and by June, that ratio increased to one in every 28 emails - signifying a fifty percent increase from last year - a disturbing trend for businesses and consumers alike.

"IBM advises its clients to rapidly adopt a holistic, enterprise-wide approach to security and risk management," said John Lutz, general manager, Financial Services Sector, IBM. "To protect their critical data, infrastructure, brands, and money, IBM advises businesses to rethink how they protect their operations, business processes and governance structures. Companies can employ the latest protective technology, while ensuring that their own customers get the highest level of protection available."

Additional key findings from IBM's First Half 2005 Global Business Security Index:

--Virus-laden emails increase: In January of 2004, 1 in every 129 emails was virus laden; by December 2004, it increased to one in every 51 emails. In January of 2005, the number was one in every 35; by June, the number had grown to one in every 28 emails

--Phishing gains: 35.7 million emails contained some form of phishing attack; spear phishing directed attacks rose from one of every 56 emails in January, to more than 600,000 in June

--Spam levels off: Spam consistently decreased from 83 percent of all emails in January to 67 percent of all emails in June 2005

--Attacks by industry: the government was the most targeted industry with more than 54 million targeted attacks, manufacturing ranked second with almost 36 million attacks recorded, and financial services was third with a little over 34 million**

--Attacks by location: Over the past six months, the United States was the source of the most attacks with 12 million, followed by New Zealand with 1.2 million, and China with approximately one million; Ireland was last with more than 30,000 attacks

--Attacks by day: Increased critical security events are seen on Fridays and Sundays

--Attacks by category: Reconnaissance attacks - probes to discover what devices, software, or vulnerabilities may exist - totaled more than 108 million, followed by service attacks of more than 61 million, web attacks with 29 million, denial of service attacks with 26 million; security administration was last with more than 230,000 attacks

--Top 10 malware (malicious software) detected, by family, included: W32.Mytob; W32.Agobot; W32.Opaserv; W32.Sober; Ranky and Sdbot Dropper; W32.Backdoor; W32.Ranky; W32.Mydoom; W32.Sdbot and W32.Maslan

--New threats emerged:

--In March 2005, the emergence of a potential new threat affecting the Internet - pervasive Domain Name Service (DNS) cache poisoning was discovered. DNS cache poisoning is the act of corrupting a DNS server's ability to map machine host names to its proper IP address and would hijack visitors to an advertisement or inappropriate web site instead. While these types of threats have been seen for a few years, the new version uses two new technologies and any DNS server that is not configured properly may be susceptible to this type of attack

--In May 2005, a malware business was uncovered operating from iframeDOLLARS.biz. This Web site attempted to recruit partner Web sites to host a variety of malicious code to exploit Internet Explorer browsers, which paved the way for numerous trojans, backdoors and spyware installed on a computer

The IBM Global Business Security Index Report is a monthly report that assesses, measures and analyzes potential network security threats based on the data and information collected by IBM's 3,000 worldwide information security professionals and thousands of monitored devices. For more information, please visit: http://www-1.ibm.com/services/us/index.wss/offering/bcrs/a1008776.

About IBM Global Services

IBM Global Services is the world's largest business and technology services provider. It is the fastest growing part of IBM, with over 190,000 professionals serving customers in more than 160 countries. IBM Global Services is the world's largest information technology services and consulting provider. Some 190,000 professionals in more than 160 countries help clients integrate information technology with business value -- from the business transformation and industry expertise of IBM Business Consulting Services to hosting, infrastructure, technology design and training services. IBM Global Services delivers integrated, flexible and resilient processes across companies and through business partners, enabling clients to save money and transform their businesses to be more competitive.
For more information, visit www.ibm.com/services.

*Graphic/Charts are available of IBM's Global Business Security Index; MessageLabs contributed to report.

** A full list of security attacks by geography and industries is available upon request.