IBM X-Force released its 2009 Mid-Year Trend and Risk Report Aug. 26 with a mix of good news and bad news.
The good news is the number of vulnerabilities is declining. There were 3,240 new vulnerabilities discovered in the first half of 2009, an 8 percent decrease over the same period last year.
The bad news is that nearly half of all vulnerabilities remain unpatched. In addition, the number of PDF vulnerabilities disclosed in the first half of the year has already surpassed the number of disclosures from all of 2008.
The report also found that Trojans comprise 55 percent of all new malware, a 9 percent jump over the first half of 2008. The most prevalent pieces of malware are data-stealing Trojans. Trojans may be taking the place of phishing attacks with financial targets. In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent last year. Online payment targets make up 31 percent of the targets.
"Two of the major themes for the first half of 2009 are the increase in sites hosting malware and the doubling of obfuscated Web attacks," said X-Force Director Kris Lamb. "The trends seem to reveal a fundamental security weakness in the Web ecosystem where interoperability between browsers, plug-ins, content and server applications dramatically increase the complexity and risk. Criminals are taking advantage of the fact that there is no such thing as a safe browsing environment and are leveraging insecure Web applications to target legitimate Website users."
The report can be downloaded here. Registration is required.