Trends in Computer Security

IBM’s X-Force R&D has sent out a report( “pdf”:http://www-935.ibm.com/services/us/iss/xforce/midyearreport/xforce-midyear-report-2008.pdf ) detailing computer security statistics collected over the first six months of 2008.

Among the results of this report, we find the following (compared to last year’s figures):

• Decreased time between disclosure and public exploit
• Further shift from OS and multimedia exploits to web browser exploits
• Further shift from browser core to browser plugins

What this tells us is that attackers are keeping a steady eye on the disclosure process itself, quickly adapting the details into POC code. It also shows that attackers are recognizing and taking advantage of the browser as an attack vector– a trend that has been steadily increasing over the past few years.

Another interesting trend that caught my eye was the most commonly used web browser plugin exploits… most attacks exploited vulnerabilities that were between 1 and 2 years old. On one hand, I would say that an improvement has been made– no longer are people getting exploited by 4 or 5 year old bugs. But at the same time, we have a long way to go before people constantly address the security issues of software that is regularly exposed to the dangers of web browsing.

The rest of the report ( “pdf”:http://www-935.ibm.com/services/us/iss/xforce/midyearreport/xforce-midyear-report-2008.pdf ) is a very solid read– they cover everything from spam, to phishing, and even the relatively fresh vulnerability frontier of virtualization.