X-Force Threat Insight Quarterly Report

The IBM Internet Security Systems X-Force® Threat Insight Quarterly is designed to highlight some of the most significant threats and challenges facing security professionals today. This report is a product of IBM Internet Security Systems Managed Security Services (MSS) and is compiled by the IBM Internet Security Systems X-Force (X-Force) security intelligence team of IBM Internet Security Systems (ISS). Each issue focuses on a specific challenge and provides a recap of the most significant recent online threats.

About the X-Force
The X-Force is a primary security research organization that discovers vulnerabilities and security flaws in computer networks and tracks emerging Internet threats. The X-Force serves as trusted security advisor to the U.S. Department of Homeland Security as well as many other federal, state and local government organizations, helping create governmental security standards and initiatives.

X-Force research helps form the basis for the IBM ISS protection platform. By researching vulnerabilities, IBM ISS is able to update its products and services to prevent attacks before they negatively impact an organization. IBM ISS products and services rely on X-Force research to preempt threats. Questions or comments regarding the content of this report should be addressed to xftas@us.ibm.com.

Latest report

This edition of the X-Force Threat Insight Report provides an exhaustive list of security alerts, breaches and the most commonly seen threats in Q1 2009. It also delivers three new and insightful articles by IBM ISS researchers. The first article assesses the "insider threat" to determine if it is an overstated problem, or a legitimate concern facing organizations today. The second article investigates the Microsoft Internet Explorer SPAN tag vulnerability, an issue that caused IBM ISS to raise the threat level to AlertCon 2 in December 2008. The third article covers various Web application vulnerabilities and discusses how they pose a significant threat to businesses and their customers.

The second article revisits a previous report topic - Domain Name System (DNS) cache poisoning. At the BlackHat USA 2008 conference, one of the presenters, Dan Kaminsky, detailed new ways in which caching name servers can be attacked and poisoned with false information. This article examines the details of the DNS vulnerability highlighted in Kaminsky’s presentation and provides recommendations on enhancing the resiliency and robustness of a DNS deployment and protecting against DNS cache poisoning.

Read this latest report (690KB)

Get Adobe® Reader®

Report archive

Feb 2009
Cyberterrorism – A Tale of Two Incidents
Jul 2008
Master Boot Record (MBR) rootkits
Jun 2008
Structured Query Language (SQL) injection
May 2008
Keyloggers, SSH
Apr 2008
SSH and SEO techniques
Mar 2008
IGMP and MLD - Two serious Windows vulnerabilities, and Phishing
Feb 2008
The problem with passwords
Jan 2008
Domain Name System (DNS)
Dec 2007
Cyberterrorism - Fact or Fiction?
Nov 2007
The State of Cryptography - Modern Applications in Information Technology
Oct 2007
Honeypots and Honeynets - From darknets to things that go bump in the dark
Sep 2007
The State of Cryptography - Public Key Cryptography
Aug 2007
Denial of Service (DoS) Attacks - A Significant Threat?
Jul 2007
The Web Operating System (WebOS)
Jun 2007
Virtualization - The Impact on the Security Enterprise Landscape
May 2007
The Emerging Threat Landscape
Apr 2007
From Botnet to Malnet
Mar 2007
Internet Protocol Television (IPTV)
Feb 2007
Shellcode Heuristics
Jan 2007
Browser Exploitations
Q3 2006
Challenges of Regulatory Compliance
Q2 2006
Vulnerability Management
Q1 2006
Wireless Technology
Q4 2005
Protecting Information - Closing the Path to Identity Theft
Q3 2005
Security implications and considerations of Internet Protocol version 6 (IPv6)
Q2 2005
Trojans, Spyware and Adware
Q1 2005
Focus on Voice over Internet Protocol (VoIP)
Q4 2004
Focus on Phishing