IBM threat report highlights data risks

Hackers are becoming ever more inventive, IBM has warned

IBM has identified massive rises in phishing and malicious web links in its latest X-Force 2009 Trend and Risk Report.

The company said that more organisations are being targeted by data thieves looking to make monetary gain, and that hackers are using a variety of techniques to bypass defences.

"The number of new malicious web links has skyrocketed globally in the past year. Phishing activity, in which an attacker attempts to acquire sensitive information by masquerading as a legitimate organisation, also increased dramatically in the second half of 2009," said the report.

"Vulnerability disclosures for document readers and editors continued to soar, specifically with PDF documents."

IBM said that vulnerabilities had decreased by 11 per cent year on year, helped mostly by falls in attacks such as SQL injection, in which criminals inject malicious code into legitimate web sites, which it suggested could be a thing of the past.

The report also showed a decline in vulnerabilities in ActiveX, an Internet Explorer plug-in, which may indicate that some of the more easily discovered flaws have been eliminated.

However, web attacks, such as those using malicious code, are increasing, while the number of bad web links rose by 348 per cent last year.

Overall, IBM said that security vendors are making progress in the battle, specifically when it comes to reacting to published flaws.

Vulnerabilities with web browsers, document readers and editors with no available patches have decreased, indicating that software vendors have become more responsive to security issues, according to the report.

"Despite the ever-changing threat landscape, this report indicates that vendors are doing a better job responding to security vulnerabilities," said Tom Cross, manager of IBM X-Force Research.

"However, attackers have clearly not been deterred, as the use of malicious exploit code in web sites is expanding at a dramatic rate."