IBM/X-Force Report IT Industry's Security Improvements

By Douglas Perry March 27, 2012 6:10 PM

Hackers Face More Secure IT Environments

Increased focus on patching vulnerabilities in software applications may cause a shift in hacking activity, according to IBM's X-Force 2011 Trend and Risk Report.

According to the data provided, only 36 percent of software vulnerabilities remained unpatched in 2011, which compares well to the 43 percent unpatched in 2010. As a result, malicious attackers are changing their strategy and are increasingly focusing on mobile exploits, automated password guessing, and phishing attacks. There is also a trend of automated shell command injection attacks against web servers, IBM said.

"In 2011, we've seen surprisingly good progress in the fight against attacks through the IT industry's efforts to improve the quality of software," said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. "In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities."

The report found several positive trends in 2011. For example, spam volume was reduced by 50 percent, the volume of exploit code dropped by 30 percent, and there was a 50 percent reduction in cross-site scripting (XSS) vulnerabilities. Virtually all improvements are due to a greater focus on security in software as well as improved patching behavior. However, it would be dangerous not to evolve defenses, as hackers are apparently changing their attacks.

IBM suggests that exploitation of shell command injection vulnerabilities is a significant trend, and there has been an unusually strong increase in password guessing techniques, which spiked in the second half of 2011. Companies and users should also anticipate greater phishing attack activity as well as more focus on social media and mobile devices. IBM said that publicly released mobile exploits jumped by 19 percent in 2011.
