Research on browser weaknesses triggers attacks

Jul 30, 2008

IBM's X-Force says cyber-criminals are using public research on Web browser weaknesses to launch attacks before most users are even aware of their vulnerability. The mid-year report from the security group indicates that organized criminals are adopting new automated techniques and strategies that allow them to exploit vulnerabilities much faster than ever before.

According to the X-Force report, 94 percent of all browser-related online exploits occurred within 24 hours of a vulnerability being officially disclosed. These attacks, known as "zero-day" exploits, are on the Internet before people even know they have a vulnerability that needs to be patched in their systems.

Many security researchers have routinely posted the code needed to exploit a weakness as part of a security advisory. According to the X-Force report, these disclosed vulnerabilities are twice as likely to trigger zero-day exploits.

"The two major themes in the first half of 2008 were acceleration and proliferation," said X-Force Operations Manager Kris Lamb. "We see a considerable acceleration in the time a vulnerability is disclosed to when it is exploited, with an accompanying proliferation of vulnerabilities overall. Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity. There's a reason why X-Force doesn't publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

The latest X-Force report also found that browser plug-ins are the newest target of choice. In the first six months of 2008, roughly 78 percent of web browser exploits targeted browser plug-ins.

For more security trends and predictions from IBM, including graphical representations of security statistics, please access the full report at: www.ibm.com/services/us/iss/xforce/midyearreport

Provided by IBM
