IBM X-Force Threat Reports

National Cybersecurity Awareness Week 2011 – 30 May to 3 June 2011

CYBER SECURITY 2011. NATIONAL CYBER SECURITY AWARENESS WEEK. For safe and secure online tips visit. www.staysmartonline.gov.au National Cybersecurity Awareness Week is an Australian Government initiative held annually in partnership with industry, community and consumer groups and all levels of government. The aim of the Awareness Week is to help Australians better understand cybersecurity risks and the simple steps they can take to protect themselves and their children online.

The Minister for Broadband, Communications and the Digital Economy, Stephen Conroy, together with the Attorney-General, Robert McClelland,will jointly launch the Awareness Week on 30 May.

For the 2010 National Cybersecurity Awareness Week more than 150 public and private sector organisations helped to promote cyber security messages through online activities and events around the country.

Information on how to stay safe and secure online can be found on the Stay Smart Online website: http://www.staysmartonline.gov.au

The IBM X-Force Trend and Risk Report
The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end. This report provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. They are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done to mitigate it. Questions or comments regarding this report should be addressed to xforce@iss.net.

The IBM X-Force Threat Insight Report
The IBM X-Force Threat Insight Report is designed to highlight some of the most significant threats and challenges facing security professionals today. This report is produced by the IBM Internet Security Systems (ISS) Managed Security Services (MSS) team, and is compiled by the IBM X-Force. Each issue focuses on a specific challenge and provides a recap of the most significant recent online threats. Questions or comments regarding this report should be addressed to xftas@us.ibm.com.

About IBM X-Force
The IBM X-Force research and development teams study and monitor the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising customers and the general public on how to respond to emerging and critical threats, the X-Force also delivers security content to protect IBM ISS customers from these threats.

2010 Full Year Trend and Risk Report

The IBM X-Force 2010 Trend and Risk Report reveals how 2010 was a pivotal year for the information security industry as networks faced increasingly sophisticated attacks from a widening variety of malicious sources.

2010 saw the largest number of vulnerability disclosures in history, up 27 %. This increase has had a significant operational impact for anyone managing large IT infrastructures. More vulnerability disclosures can mean more time patching and remediating vulnerable systems.
49% of the vulnerabilities disclosed in 2010 were web application vulnerabilities. The majority of these were cross site scripting and SQL injection issues. These vulnerabilities represent just the tip of the iceberg since many organizations develop third-party applications in-house that are not subject to public vulnerability reports.
Many exploits are publicly released tens or hundreds of days after the public disclosure of the vulnerabilities they target, indicating that attackers may be able to make use of exploit code long after patches have been made available.
The SQL Slammer worm continues to propagate on the Internet although it first surfaced in back in January 2003. Today this worm continues to be the most common source of malicious Internet traffic.
Bot network activity continued to grow in 2010. In addition, the term “Advanced Persistent Threat” became an everyday part of the corporate security lexicon after high profile attacks on corporate enterprises by sophisticated, targeted attackers.
Emerging trends like cloud computing and the proliferation of mobile devices continue to raise security concerns. Security has become a major influencer in the adoption of these technologies in corporate environments..