The 2007 X-Force Security report from IBM finds a disturbing rise in the sophistication of attacks by criminals on Web browsers worldwide. According to IBM, by attacking the browsers of computer users, cyber criminals are now stealing the identities and controlling the computers of consumers at a rate never before seen on the Internet.
The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to help obscure or camouflage attacks on browsers, so cyber criminals can avoid detection by security software.
In 2006, only a small percentage of attackers employed camouflaging techniques. This number soared to 80 percent during the first half of 2007 and reached nearly 100 percent by the end of the year. The X-Force believes the criminal element will contribute to a proliferation of attacks in 2008.
Using these techniques, cyber criminals can infiltrate a user's system and steal their IDs and passwords or obtain personal information like National Identification numbers, Social Security numbers and credit card information. When attackers invade an enterprise machine, they could steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.
"Never before have such aggressive measures been sustained by Internet attackers towards infection, propagation and security evasion. While computer security professionals can claim some victories, attackers are adapting their approaches and continuing to have an impact on users' experiences," said Kris Lamb, operations manager, X-Force Research and Development for IBM Internet Security Systems.
In other findings, for the first time ever, the size of spam emails decreased sharply to pre-2005 levels. X-Force believes the decrease is linked to the drop off of image-based spam.
Explore further: Ransomware like Bad Rabbit is big business