Research on browser weaknesses triggers attacks

Jul 30, 2008

IBM's X-Force says cyber-criminals are using public research on Web browser weaknesses to launch attacks before most users are even aware of their vulnerability. The mid-year report from the security group indicates that organized criminals are adopting new automated techniques and strategies that allow them to exploit vulnerabilities much faster than ever before.

According to the X-Force report, 94 percent of all browser-related online exploits occurred within 24 hours of a vulnerability being officially disclosed. These attacks, known-as "zero-day" exploits, are on the Internet before people even know they have a vulnerability that needs to be patched in their systems.

Many security researchers have routinely posted the code needed to exploit a weakness as part of a security advisory. According to the X-Force report, these disclosed vulnerabilities are twice as likely to trigger zero-day exploits.

"The two major themes in the first half of 2008 were acceleration and proliferation," said X-Force Operations Manager Kris Lamb. "We see a considerable acceleration in the time a vulnerability is disclosed to when it is exploited, with an accompanying proliferation of vulnerabilities overall. Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity. There's a reason why X-Force doesn't publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

The latest X-Force report also found that browser plug-ins are the newest target-of-choice. In the first six months of 2008, roughly 78 percent of web browser exploits targeted browser plug-ins.

For more security trends and predictions from IBM, including graphical representations of security statistics, please access the full report at: www.ibm.com/services/us/iss/xforce/midyearreport

Provided by IBM

Explore further: Digital dilemma: How will US respond to Sony hack?

add to favorites email to friend print save as pdf

Related Stories

Underfire Uber ramps up rider safety

8 hours ago

Uber is ramping up driver background checks and other security measures worldwide after the smartphone-focused car-sharing service was banned in New Delhi following the alleged rape of a passenger.

US probe links NKorea to Sony hacking

8 hours ago

A U.S. official says federal investigators have now connected the Sony Pictures Entertainment Inc. hacking to North Korea and are expected to make an announcement in the near future.

New York state bans fracking

8 hours ago

Governor Andrew Cuomo said Wednesday he would ban hydraulic fracking in New York State, citing health concerns about the controversial oil and gas drilling technique.

Sony cancels NKorea parody film release after threats

8 hours ago

Hollywood studio Sony Pictures on Wednesday abruptly canceled the December 25 release date of "The Interview," a parody film which has angered North Korea and triggered chilling threats from hackers.

Recommended for you

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

UN General Assembly OKs digital privacy resolution

Dec 18, 2014

The U.N. General Assembly has approved a resolution demanding better digital privacy protections for people around the world, another response to Edward Snowden's revelations about U.S. government spying.

Online privacy to remain thorny issue: survey

Dec 18, 2014

Online privacy will remain a thorny issue over the next decade, without a widely accepted system that balances user rights and personal data collection, a survey of experts showed Thursday.

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.