IBM : Browsers are Under Attack

Surprise. Surprise.

In a new study from IBM’s Internet Security Systems (ISS) X-Force, IBM reports that Web browsers are under siege from organized crime. The X-Force report claims that the cybercriminals are making increasing use of ‘camouflaging’ techniques. According to X-Force, in 2006 camouflaging was only used by a small percentage of attackers while by the end of 2007 nearly 100 percent of attacks were camouflaged.

“Never before have such aggressive measures been sustained by Internet
attackers towards infection, propagation and security evasion. While
computer security professionals can claim some victories, attackers are
adapting their approaches and continuing to have an impact on users’ experiences,” said Kris Lamb, operations manager, X-Force Research and
Development for IBM Internet Security Systems in a statement.

That aside, the X-Force report does show some trends that could be considered to be positive. Among them is the fact that the study found that spam email was on the decline, dipping to levels not seen since before 2005. The X-Force report also disclosed that the overall number of vulnerabilities reported during 2007 actually declined for the first time in a decade.

From my own personal point of view, considering that browsers are the gateway to the web and applications in the modern Web 2.0 era, there is no surprise that Web browsers are under attack. In fact as far as I know in the last several years there hasn’t been a time when web browsers weren’t under attack.  Microsoft has been reasonably vigilant about fixing their browser as has Mozilla, though of course there is always the zero day stuff that inevitably occurs.

When it comes to ‘camouflaging’ of attacks that’s also something that makes sense. Remember (notorious convicted now reformed) hacker Kevin Mitnick? His key technique was all about evasion (call it camouflage if you really want too). I have no idea why any attacker wouldn’t camouflage their attack (unless of course they’re trying to get caught!).

News Around the Web