There has been a 508 per cent increase in the number of new malicious web links in the first half of 2009.
According to the 'X-Force 2009 Mid-Year Trend and Risk Report' from IBM, this problem is no longer limited to malicious domains or untrusted websitesm as there is an increase in the presence of malicious content on trusted sites. These include popular search engines, blogs, bulletin boards, personal websites, online magazines and mainstream news sites.
The report also revealed that the level of veiled web exploits, particularly PDF files, is at an all time high, pointing to an increased sophistication of attackers. It claimed that PDF vulnerabilities disclosed in the first half of 2009 surpassed disclosures from all of 2008. From Q1 to Q2 alone, the amount of suspicious, obfuscated or concealed content monitored by the IBM ISS managed security services team nearly doubled.
Elsewhere, vulnerabilities have reached a plateau with 3,240 new vulnerabilities discovered in the first half of 2009, an eight per cent decrease over the first half of 2008.
Meanwhile phishing has decreased dramatically with analysts believing that banking Trojans are taking the place of phishing attacks geared toward financial targets. In the first half of 2009, 66 per cent of phishing was targeted at the financial industry, down from 90 per cent in 2008. Online payment targets make up 31 per cent of the share.
X-Force director Kris Lamb, said: “The trends highlighted by the report seem to indicate that the internet has finally taken on the characteristics of the Wild West where no one is to be trusted. There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware.
“We've reached a tipping point where every website should be viewed as suspicious and every user is at risk. The threat convergence of the web ecosystem is creating a perfect storm of criminal activity.”
Lamb also claimed that the trends revealed a fundamental security weakness in the web ecosystem where interoperability between browsers, plug-ins, content and server applications are dramatically increasing the complexity and risk.
“Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure web applications to target legitimate website users,” said Lamb.