X-Force at mid-year: Cybercriminals get faster

Cybercriminals are adopting new automation techniques and improving on strategies that enable them to exploit vulnerabilities rapidly, a new study reveals.

According to the newly released IBM X-Force 2008 Mid-Year Trend Statistics report, it is now taking mere hours to exploit a vulnerability that used to take days.

Tom Cross, an X-Force researcher, told SCMagazineUS.com on Wednesday that there has been a significant increase in SQL injection vulnerabilities in the past year as well.

“The attackers are using automated widespread structured query language (SQL) injection to hit a lot of sites with code that will direct a victim to another attack,” he said. “And this is being done on a large scale, now.”

According to the report, the attacks are being driven by the evolution in creating and delivering exploit tools, as well as the lack of a standard protocol for disclosing vulnerabilities in the research industry.

Also, the practice of disclosing exploit code in tandem with a security advisory, which has been the accepted practice for many security researchers, may be helping to accelerate the exploits, Cross said. Vulnerabilities disclosed by independent researchers are likely to have exploit code published along with them, the report stated.

Some other key findings in the report:

  • Browser plug-ins are the newest target of choice. In the first six months of 2008, roughly 78 percent of web browser exploits targeted browser plug-ins.
  • The complex spam exploits of 2007 (image-based spam, file attachment spam, etc.) have almost disappeared and now spammers are using simple URL techniques.
  • Russia is responsible for 11 percent of the world's spam, followed by Turkey with 8 percent and then the United States with 7.1 percent.
  • Online gamers are targets. The X-Force report indicated that the top four password-stealing Trojans were all aimed at gamers.

The findings in the X-Force report confirm other research that shows how vulnerable most websites are to attacks, Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com on Wednesday.

“Crooks have discovered that it is easy to get into insecure systems,” she said, “and they are using it more and more.”

Litan admitted that she found the increase of SQL injection attacks a bit surprising, simply because there is widespread technology to prevent those types of attacks.

“You would have thought these attacks would have been minimized by now, but the technology isn't being used wisely,” she said.

Sign up to our newsletters