IBM’s X-Force Trend and Risk Report, released this week, finds that while some improvements are being made (spam is down), mobile attacks, phishing attacks and automated web server hacks are on the rise.
First the good news. Spam was down 50 percent compared to 2010, only 36 percent of software flaws were left unpatched compared to 43 percent in 2010, and 30 percent fewer exploits were released overall.
But there was a 19 percent rise in mobile exploits released publicly in 2011. IBM credits this largely to an increase in jail-breaking exploits, which in turn led to attackers launching attacks to gain elevated privileges on the phones. Last year, phishing reached its highest level since 2008, thanks to the proliferation of bogus links on social networking sites like Twitter and Facebook and a bit of advertising click fraud, IBM found.
And, while there may have been a 46 percent decrease in SQL injection vulnerabilities in Web applications, that may have been due to attackers shifting to a different tactic: shell command injections, which more than doubled in 2011. In addition to the attacks, IBM noticed an increase in brute force password attacks near the year’s end, in November and December.
via IBM Report: Mobile Attacks, Phishing Attacks Mount in 2011