IBM’s X-Force 2010 Trend and Risk report showed that as vulnerability disclosures hit their highest level ever in 2010, security threats continued to increase in sophistication and precision.
Like the term or not, 2010 may well have been the year of the APT, the term has become familiar to nearly everyone in the security industry as a result of high profile attacks on various well known and security conscious companies.
Up 27%, 2010 witnessed more vulnerability disclosures than any year in history, nearly 8,000 more according to a report on IBM’s finding from Smartplanet.com. Of those disclosures, 49% were web application vulnerabilities, of which the vast majority resulted from XSS and SQL holes.
On a somewhat brighter note, spam levels seemed to hit a plateau last year. Though the plateau they settled upon happens to be the highest in history, their growth is decreasing. This seems to indicate that spammers are finding less value in blanket spamming, and more value in focusing their spam to avert filtering.
Technically, phishing attacks were down as well, but like the spamming numbers, it appears these statistics indicate a shift toward more lucrative methods like ATM skimming, spear-phishing, and the use of botnets, which despite a number of high profile takedowns, continue to increase in size and scope.
There also continues to be a lag between bug disclosures, publication, and patching that, if narrowed, would make it more difficult for attackers to successfully deploy exploits.
The most common source of malicious traffic in 2010 is still the Slammer Worm, a dinosaur in Web years, having first surfaced in 2003.
More and more, security is moving into the mainstream corporate consciousness as the proliferation of mobile devices and cloud computing increases the amount of viable intrusion points for hopeful hackers and attackers.