Home Security Trends: Quality Over Quantity, Mobile Vulnerabilities and the Cloud

Security Trends: Quality Over Quantity, Mobile Vulnerabilities and the Cloud

As enterprises face increasingly sophisticated and specialized risks, criminals seem to be taking a quality-over-quantity approach to malware, phishing and spamming. According to the IBM X-Force 2010 Trend and Risk Report, spam and peaked and phishing declined last year. But total security disclosures increased, and, of course, we saw what happened with Stuxnet.

Stuxnet proved that highly targeted attacks against specialized equipment is no longer a hypothetical threat – it’s a real threat.

Although Stuxnet was the highest profile computer security story of 2010, the Zeus botnet continues to threaten far more individuals and organizations. According to the report, Zeus was responsible for stealing more than $1 million from customers of one UK-based financial institution alone. IBM warns that PDF vulnerabilities are a growing way to spread the Zeus trojan, and that FoxIt Reader is not immune to the flaws.

Despite the alarm it caused, the Conficker worm is in decline.

The good news is that phishing in decline. The peak level of phishing in 2010 was less than 1/4 the peak level of phishing over the past two years. The bad news is that “spear phishing” on the rise. Spear phishing is a more targeted form of phishing – the phisher generally poses as someone the victim knows.

Spam peaked in 2010, reaching its highest level in history, and then leveled off. IBM speculates that this is due to spammers seeing less benefit from high volume spamming. Instead, spammers seem to be focusing on bypassing spam filters. Again, quality over quantity is the new rule.

The number of mobile operating system vulnerabilities increased this year, but malware on mobiles is still uncommon. The biggest security risk remains lost or stolen devices.

Web applications accounted for nearly half the vulnerabilities disclosed in 2010. Cross-site scripting and SQL injections are the biggest problems, though cross-site scripting is in decline.

Perhaps the scariest fact in the report, however, is that nearly half the vulnerabilities disclosed remain unpatched.

The report also warned of security vulnerabilities in virtualization systems, particularly hypervisor escape vulnerabilities.

Although the number of security vulnerabilities in Web applications and hypervisors may be off-putting. IBM thinks cloud security will eventually improve to such a point that it becomes a driver, instead of an inhibitor, of cloud adoption. We’ve been saying much the same here for some time.

Also of note, IBM is opening the Advanced Institute for Security in Europe in Brussels. The goal of the institute is to connect representatives from the government, private sector and academia with IBM security experts in Europe.

Disclosure: IBM is a ReadWriteWeb sponsor.

Photo credit: Circo de Invierno

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.