IBM report reveals biggest security issues of 2008

2009-02-19

IBM's X-Force team has released their yearly report on computer security, covering current and past trends and what they expect to see in 2009.

The 106 page report revealed a rise in web vulnerabilities, spam, phishing, malware economics, malware trends and some of the most notable malware events in 2008.

Here are some highlights from the report:

- 2008 proved to be the busiest year in X-Force history chronicling vulnerabilities - a 13.5 percent increase compared to 2007. (7,406 vulnerability disclosures total)

- The overall severity of vulnerabilities increased, with high and critical severity vulnerabilities up 15.3 percent and medium severity vulnerabilities up by 67.5 percent.

- Exploitation of Websites vulnerable to SQL injection has increased from an average of a few thousand per day, when they first took hold early in 2008, to several hundred thousand per day at the end of 2008.

- The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent.

- The majority of phishing - nearly 90 percent - was targeted at financial institutions.

- Another trend that developed in 2008 is the focus on user action. Rather than having a generic subject line like "security alert", phishers attempt to engage the user into doing something like fixing an account that has been suspended or updating their account information.

The entire report can be read here.