Figures are “tip of the iceberg”, says IBM

The number of IT security slips reported to IBM jumped rapidly in the first half of 2010.

Overall, 4,396 new IT threats were documented in the first half of 2010, a 36% increase over the same period last year, according to IBM's research.

Web application vulnerabilities continued to be the leading threat, accounting for more than half of all notifications.

In addition, covert attacks increased in complexity hidden within JavaScript and PDFs, while cloud computing and virtualization were noted as key future security topics for enterprise organisations.

These figures may only represent the “tip of the iceberg”, claimed IBM.

An overview of the trends identified is listed below.

Web application vulnerabilities continued to be the largest category of notifications surpassing all other threats.

Enterprises are also fighting increasingly sophisticated attacks on their computer networks, noted the research. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools.

PDF exploits continue to soar as attackers trick users in new ways. The most significant jump associated with PDF attacks in 2010 occurred in April, which coincided with a spam campaign in which malicious PDF attachments were used to spread botnets.

IBM called these attacks: “some of the most insidious threats on the Internet today”.

Phishing activity declined significantly although financial institutions remained the top target. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009.

Future trends

IBM also identified some key trends to watch for in the future.

Security concerns remain a hurdle for organisations looking to adopt cloud computing. As they transition to the cloud, IBM recommended that organisations start by examining the security requirements of the workloads they intend to host in the cloud.

This report comes from IBM's X-Force team, which has catalogued, analysed and researched more than 50,000 vulnerability disclosures since 1997.