Internet Security Systems report.Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems (ISS ISS See Institutional Shareholder Services (ISS). ), an IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) Company have releleased the highlights of its 2006 security statistics report, which describes key security findings for 2006 and predicts the nature of Internet threats expected to emerge in 2007. Based on early indicators, ISS anticipates a continued rise in the sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. of profit-motivated cyber attacks, including an increased focus on the Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. and advances in image-based spam. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the report,, which was developed by the ISS X-Force research and development team, there were 7,247 new vulnerabilities recorded and analysed by the X-Force in 2006, which equates to an average of 20 new vulnerabilities per day. This total represents a nearly 40 per cent increase over what ISS reported in 2005. Over 88 per cent of 2006 vulnerabilities could be exploited remotely, and over 50 per cent allowed attackers to gain access to a machine after exploitation. "While these numbers seem grim upon initial review, the good news is our research indicates a drop in the percentage of high-impact vulnerabilities since last year," said ISS. In 2005, high-impact vulnerabilities accounted for about 28 per cent of total vulnerabilities, while they only accounted for 18 per cent in 2006. The security industry has made great progress over the last year, but despite promising statistics such as this one, we predict that 2007 will require even higher levels of vigilance and innovation to deal with emerging threats and new vectors of attack. Attacks on Web browsers The following is a list of web browsers. Historical Historically important browsers In order of release:
This latest report from X-Force also points to new methods being used by attackers to avoid detection by commercial security solutions. In 2006, malware continued to become less distinct in its categorisation, instead borrowing characteristics from other successful forms of malware. As such, the classical groups of virus, rootkit, spyware and other categories typically used by the security industry to differentiate standalone protection products will be much less relevant in 2007. In 2006, X-Force also observed considerable Web browser exploitation and a strong increase in the use of Web exploit obfuscation ob·fus·cate tr.v. ob·fus·cat·ed, ob·fus·cat·ing, ob·fus·cates 1. To make so confused or opaque as to be difficult to perceive or understand: "A great effort was made . . . and encryption to make it difficult for signature-based intrusion detection See IDS and IPS. and prevention products to detect attacks. X-Force data indicates that approximately 50 per cent of Web sites hosting exploit material designed to infect browsers now obfuscate To make unclear or confuse. See obfuscator and e-mail obfuscator. or camouflage their attack, with approximately 30 per cent enerypting their payload (1) Refers to the "actual data" in a packet or file minus all headers attached for transport and minus all descriptive meta-data. In a network packet, headers are appended to the payload for transport and then discarded at their destination. . The X-Force has been cataloguing, analysing and researching vulnerability disclosures since 1997. With more than 30,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure. In addition to the vulnerabilities catalogued in its X-Force database, ISS content filtering See Web filtering and parental control software. services are designed to provide a world-encompassing view of spam and phishing attacks. With millions of e-mail addresses actively monitored, ISS has identified numerous advances in the spain and phishing technologies used by online attackers. During 2005 and 2006, X-Force data indicates that the use of image-based spam increased rapidly, accounting for more than 40 per cent of spam messages at the end of 2006. This issue quickly became one of the biggest challenges in spam-fighting for 2006 since it is difficult for spam blockers that rely on content identification to decode text embedded within images. The X-Force report also discusses the following key security statistics for 2006, among others: * Within the last year, the volume of spare has increased by 100 per cent over what ISS reported in 2005. * The U.S., Spain and France are the three largest originators of spam worldwide. * After English, German is the most popular language in which spare messages are written. (X-Force predicts that as computer users become more savvy at detecting and deleting spam, spammers will increasingly localise v. t. 1. Same as localize. Verb 1. localise - identify the location or place of; "We localized the source of the infection" localize, place their messages in languages other than English LOTE or Languages Other Than English is the name given to language subjects at Australian schools. LOTEs have often historically been related to the policy of multiculturalism, and tend to reflect the predominant non-English languages spoken in a school's local area, the to improve the rate at which they are opened.) * The most popular subject line for spare in 2006 was 'Re: hi.' * South Korea accounts for the highest source of phishing e-mails. * The largest threat category of malware in 2006 was Downloaders, accounting for 22 per cent of all malware. (A Downloader is a piece of low-profile malware that installs itself on machines for the purpose of later downloading a more sophisticated malware agent.) * The most popular exploit used on the Internet to infect Web browsers with malware was for Microsoft's MS-ITS vulnerability (MS04-013), disclosed in 2004. * The busiest month in 2006 for vulnerability disclosure was June, while the busiest week was the week before Thanksgiving in November and the most popular day of the week to disclose vulnerabilities was Tuesday. In 2007, ISS also expects to see a continued rise in the total number of vulnerabilities, largely due to the release of new operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. . While the new operating systems include more security functions than previous versions and have undergone extensive security audits, their sheer complexity will likely introduce new vulnerabilities. In addition, the synchronised Adj. 1. synchronised - operating in unison; "the synchronized flapping of a bird's wings" synchronized synchronal, synchronic, synchronous - occurring or existing at the same time or having the same period or phase; "recovery was synchronous with therapy"- release of new and updated third-party products that support new operating systems will likely contribute to a record year for vulnerabilities in 2007. www.iss.com |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion