An attack technique is being used by any number of cybercriminals at any one time and companies have been encouraged to do their security research work for their customers.

Delivering the keynote speech at the (ISC)2 conference on 'who's looking at your vulnerabilities – protecting your organisation from current and future threats', IBM ISS technical manager James Rendell, claimed that if security work is not done it is a 'shot in the dark'.

Speaking on the threat evolution, Rendell claimed that IBM ISS has picked up several active exploitations recently and was seeing several different attacks at once, suggesting that the technique is being used by several different groups at once.

“Before they would exploit it and expose it to the company, now [they are] selling knowledge and information, probably multiple times over,” said Rendell.

He further encouraged delegates to consider what hackers are going to be looking for, and to assess what makes for a good vulnerability. He said: “Something that will give real privilege, something that makes for real vulnerabilities overall, most result in some form of remote access.

“Hackers attack unpatched PCs, if you think about it the web browser is the most complicated application software running on a PC right now but we've not allowed a lot of expectations about what a browser can deliver, a web browser becoming a client application target of choice.”

He claimed that users and security managers alike do not think of the browser running sound files or Google Docs, and said that where you get complexity you get security weaknesses.