The IBM X-Force Trend and Risk Report
The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end. This report provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. They are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done to mitigate it. Questions or comments regarding this report should be addressed to xforce@iss.net.
The IBM X-Force Threat Insight Report
The IBM X-Force Threat Insight Report is designed to highlight some of the most significant threats and challenges facing security professionals today. This report is produced by the IBM Managed Security Services (MSS) team, and is compiled by the IBM X-Force. Each issue focuses on a specific challenge and provides a recap of the most significant recent online threats. Questions or comments regarding this report should be addressed to xftas@us.ibm.com.
About IBM X-Force
The IBM X-Force research and development teams study and monitor the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising customers and the general public on how to respond to emerging and critical threats, the X-Force also delivers security content to protect IBM customers from these threats.
IBM X-Force® 2011 Trend and Risk Report
By mid-year, in the midst of frequent reports of data leaks, DoS attacks, and social Hacktivism, IBM X-Force declared 2011 the “year of the security breach”. By the end of the year, the frequency and scope of these incidents has persisted, and continues to bring awareness to the basic tenants of operating a business and protecting its assets in an increasingly connected world. Download a copy of the report here.
Not all the news was bad. For the first time X-Force saw a decline in the release of exploit software for known vulnerabilities and witnessed fewer vulnerabilities that remained unpatched. However, sophisticated attackers began adapting their techniques to some of these improvements being made, and X-Force witnessed a rise in emerging attack trends including mobile exploits, automated password guessing, a surge in phishing attacks, and shell command injections.
Our researchers also continue to explore how companies are keeping up with the complexities of mobile devices and cloud. The mass adoption of mobile devices always leads to the discussion of "bring your own device" (BYOD) programs, and how to mitigate the associated risks. Cloud adoption faces opens up similar discussions. The question is not whether the cloud is more or less secure, but on what specific controls, and business processes, should we be focused to reduce risk and ensure security in a cloud environment.
The sheer number of high profile and highly public incidents throughout 2011 is becoming a catalyst for executives and business leaders to re-evaluate the effectiveness of existing structures, policy and technology in the enterprise. We have a tremendous opportunity to help guide their decisions.
To learn more, download a copy of the full report here.
Latest Threat Insight Quarterly Report
This edition of the X-Force Threat Insight Report Quarterly delivers a new insightful article on "Stopping the Lulz of PII Theft," or how an enterprise can go about stopping the near daily breaches we're seeing in 2011. It also delivers a great article on the history of smartphones and the mobile computing revolution as related to enterprise security risks. And last, as always, an exhaustive list of Q2 threats, vulnerabilities, and security events are categorized and discussed.
Latest Threat Insight podcast
This edition of the IBM X-Force Threat Insight Quarterly podcast contains two discussions with the authors of the articles featured in our 2010 Q4 publication. The first interview is with John Kuhn, who highlights one of the big cross platform malware players today - Koobface. This computer worm targets users of social networking websites such as Facebook (its name is an anagram of ""Facebook""), MySpace, hi5, Bebo, Friendster and Twitter. Koobface was originally designed to infect Microsoft Windows, however newer variants now work on Mac OS X and Linux. In the second interview, Bryan Ivey discusses mobile attacks. There is little debate that portable communications devices have become a regular part of daily life in most regions of the world. This growth, coupled with potentially novice owners, provides an excellent avenue for monetary gain by attackers moving into this market and a danger to smart phone owners' and their companies' data.