August 26, 2009
Phishing Down, Hackers Improving Targets
A new report from IBM Corp found that hackers appear to be slowing down the use of phishing to steal personal information.
Issued on Wednesday, the X-Force 2009 Mid-Year Trend and Risk Report showed a noteworthy decrease in the use of "phishing" e-mails, while other attack methods have drastically increased.
During the first half of 2009, 66 percent of phishing attacks were targeted at the financial industry, which is down 90 percent compared to the same period the year before.
"That is a huge, precipitous decline in the amount of phishing," said Kris Lamb, director of the X-Force research team in IBM's Internet Security Systems division.
"I wouldn't tell anybody that phishing has died as a threat."
The report found a 508 percent increase in the number of new malicious Web links during the first half of 2009.
The study also found that the new wave of hacking takes a much more sophisticated approach, with PDF vulnerabilities being exploited at a much higher rate during the first half of 2009 than in the second half.
"The trends highlighted by the report seem to indicate that the Internet has finally taken on the characteristics of the Wild West where no one is to be trusted," said Lamb.
"There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."
Additionally, the study showed that SQL injection attacks - attacks where criminals inject malicious code into legitimate Web sites, usually for the purpose of infecting visitors - rose 50 percent from Q4 2008 to Q1 2009 and then nearly doubled from Q1 to Q2, according to a written statement.
"Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks," Lamb said. "The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plugins, content and server applications dramatically increases the complexity and risk."
"Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Web site users," Lamb added.