The IBM X-Force Trend and Risk Report
The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end. This report provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. They are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done to mitigate it. Questions or comments regarding this report should be addressed to email@example.com.
The IBM X-Force Threat Insight Report
The IBM X-Force Threat Insight Report is designed to highlight some of the most significant threats and challenges facing security professionals today. This report is produced by the IBM Managed Security Services (MSS) team, and is compiled by the IBM X-Force. Each issue focuses on a specific challenge and provides a recap of the most significant recent online threats. Questions or comments regarding this report should be addressed to firstname.lastname@example.org.
About IBM X-Force
The IBM X-Force research and development teams study and monitor the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising customers and the general public on how to respond to emerging and critical threats, the X-Force also delivers security content to protect IBM customers from these threats.
An explosion of breaches has opened 2011 with continuing, near daily new reports, marking this year as “The Year of the Security Breach.” These breaches have been notable not just for their frequency, but for the presumed operational competency of many of the victims. The environment is changing: the boundaries of business infrastructure are being extended – and sometimes obliterated – by the emergence of cloud, mobility, social business, big data and more, while the attacks are getting more and more sophisticated, often showing evidence of extensive pre-operation intelligence collection and careful, patient, long term planning. The repercussions of these attacks are large enough to move security discussions out of technical circles and into the board room.
Paradoxically, a lot of improvement in the fight to secure the Internet has been shown so far this year…with many vulnerability and attack statistics significantly improving. So the good guys are winning some key battles, but the fight is far from over. The bad guys are simply moving on to new attack surfaces, and one of those new battlefields is smartphones. The rapid proliferation of these devices combined with a consolidation of operating systems has caused attackers to finally warm up to the opportunities these devices represent. As such, IBM X-Force research is predicting that exploits targeting vulnerabilities that affect Mobile operating systems will more than double from 2010.
In this new, more complex environment, compliance is simply not enough. Read the report to find out what the IBM X-Force Research and Development team would do if we were managing your network.
And also…the SQL slammer worm all but disappeared in March. Is this a good thing? IBM X-Force Research has determined that the possible cause of the SQL Slammer disappearance was a Black Knight creating a botnet. Read about it in the full report.
This edition of the X-Force Threat Insight Report Quarterly delivers a new insightful article on "Stopping the Lulz of PII Theft," or how an enterprise can go about stopping the near daily breaches we're seeing in 2011. It also delivers a great article on the history of smartphones and the mobile computing revolution as related to enterprise security risks. And last, as always, an exhaustive list of Q2 threats, vulnerabilities, and security events are categorized and discussed.
This edition of the X-Force Threat Insight Quarterly podcast contains two discussions with the authors of the articles featured in our Q1 2010 report. The first interview is with Peter Trinh who discusses how the gaming industry has become a favorable target for hackers. In the second interview, Lyndon Sutherland revisits fraud scams and dissects an employment scam that has been in operation since 2005.