Skip to main content

 

IBM X-Force Threat Reports

The IBM X-Force Trend and Risk Report
The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end. This report provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. They are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done to mitigate it. Questions or comments regarding this report should be addressed to xforce@iss.net.

The IBM X-Force Threat Insight Report
The IBM X-Force Threat Insight Report is designed to highlight some of the most significant threats and challenges facing security professionals today. This report is produced by the IBM Internet Security Systems (ISS) Managed Security Services (MSS) team, and is compiled by the IBM X-Force. Each issue focuses on a specific challenge and provides a recap of the most significant recent online threats. Questions or comments regarding this report should be addressed to xftas@us.ibm.com.

About IBM X-Force
The IBM X-Force research and development teams study and monitor the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising customers and the general public on how to respond to emerging and critical threats, the X-Force also delivers security content to protect IBM ISS customers from these threats.

Latest Trend and Risk Report

In addition to standard vulnerability, malware, spam, phishing, and web threat statistics, the IBM X-Force 2009 Mid-year Trend and Risk Report features the following special topics:

  • Document vulnerabilities. In the first half of the year alone, the total number of vulnerabilities disclosed in some of the document types we traditionally consider "secure" has already exceeded the total number of disclosed vulnerabilities found in them in all of 2008.
  • Most disclosed vulnerabilities. Microsoft is no longer number one in the "most disclosed vulnerabilities" category.
  • Better Browsers. More secure (if you update) but still the main exploitation target.
  • Bad Web Links. More prolific for spam, phishing, and the delivery of malicious code.
  • Conficker and Lessons Learned.Conficker had baffled security researchers, caused panic among computer users, and had shown us a glimpse of the mindset and the sophistication of cybercriminals.

Briefing sessions

Watch a recording of the recent briefing session held in Sydney.

Report archive

2008 Mid-Year Trend and Risk Report Report(3380KB)

2008 Mid-Year Trend and Risk Report Report graphics(ZIP, 1370KB)

2007 Annual Trend and Risk Report Report(3120KB)

2006 Annual Trend and Risk Report Report(2350KB)

Q3 2008 Attacks against a major U.S. media outlet, CAPTCHA security(1748KB)

Jul 2008 Master Boot Record (MBR) rootkits(1753KB)

Jun 2008 Structured Query Language (SQL) injection(1611KB)

May 2008 Keyloggers, SSH(2185KB)

Apr 2008 SSH and SEO techniques(1220KB)

Mar 2008 IGMP and MLD - Two serious Windows vulnerabilities, and Phishing(1193KB)

Feb 2008 The problem with passwords(3220KB)

Jan 2008 Domain Name System (DNS)(469KB)

Dec 2007 Cyberterrorism - Fact or Fiction?(3380KB)

Nov 2007 The State of Cryptography - Modern Applications in Information Technology(1313KB)

Oct 2007 Honeypots and Honeynets - From darknets to things that go bump in the dark(1504KB)

Sep 2007 The State of Cryptography - Public Key Cryptography(1174KB)

Aug 2007 Denial of Service (DoS) Attacks - A Significant Threat?(2082KB)

Jul 2007 The Web Operating System (WebOS)(1010KB)

Jun 2007 Virtualisation - The Impact on the Security Enterprise Landscape(1890KB)

May 2007 The Emerging Threat Landscape(1552KB)

Apr 2007 From Botnet to Malnet(1334KB)

Mar 2007 Internet Protocol Television (IPTV)(1455KB)

Feb 2007 Shellcode Heuristics(1369KB)

Jan 2007 Browser Exploitations(1781KB)

Q3 2006 Challenges of Regulatory Compliance(1012KB)

Q2 2006 Vulnerability Management(991KB)

Q1 2006 Wireless Technology(788KB)

Q4 2005 Protecting Information - Closing the Path to Identity Theft(3489KB)

Q3 2005 Security implications and considerations of Internet Protocol version 6 (IPv6)(343KB)

Q2 2005 Trojans, Spyware and Adware(282KB)

Q1 2005 Focus on Voice over Internet Protocol (VoIP)(212KB)

Q4 2004 Focus on Phishing(145KB)