IBM recorded more than 1 billion suspicious computer security events in 2005, despite a leveling off in the amount of spam e-mail and a decrease in major Internet worm and virus outbreaks.
Enterprises should expect to see the same level of malicious traffic in 2006, even as online criminal groups shift to stealth attacks and cyber-extortion instead of massive, global malicious code attacks, said David Mackey, director of security intelligence at IBM.
The Armonk, New York, company has released its IBM Security Threats and Attack Trends report for 2005.
The report details the top threats of the last year, and makes predictions about prevalent security trends in 2006.
The predictions are based on threat and attack data from IBMs Security Operation Center, which manages intrusion detection, wireless security and firewall technology for IBM customer networks, Mackey said.
“We continue to see significant reconnaissance activity, whether its network mapping of organizations, or malware or botnets. Its not a global outbreak—theres nothing that will shut down networks across the globe. Its stealthier. Its about compromising the greatest number of systems,” he said.
Software holes in products from Microsoft Corp., based in Redmond, Wash., continued to be a hackers best friend, and dominated IBMs list of the top five security issues.
Flaws in Windows implementation of PnP (plug and play), which gave birth to the Zotob worm in August, topped the list of threats.
Problems with Windows (ASN) Abstract Syntax Notation and Graphics Rendering Engine (used to display Windows Metafile format images) were also among the top five risks last year, IBM said.
Windows holes will continue to be a top security concern in 2006, even though Windows XP Service Pack 2 has made it more difficult to launch massive, automated attacks on that system, IBM said.
However, online criminals will increasingly use focused stealth attacks on organizations and individuals. Cyber-extortion using threats of DoS (denial of service) attacks or the disclosure of sensitive data will increasingly be used in 2006, IBM predicted.
Botnets will continue to be the tool of choice for online criminals and criminal groups, though some may begin using instant messaging networks, rather than the popular IRC (Internet Relay Chat) protocol to control their minions, the report said.
Companies will also have to improve internal monitoring to catch insiders who are leaking confidential information or engaging in corporate espionage, IBM said.
“Criminals are trying to gain confidential data … Were seeing an organized effort to get as much information as possible from systems, whether its intellectual property, or trade secrets, or just financial information,” Mackey said.
Wireless security threats are a major concern, as companies use the technology to empower mobile workers, Mackey said.
IBM also predicted that users of Apple Computer Inc.s OS X operating system will have to contend with more vulnerabilities and the potential for more attacks, as Apple shifts to the popular Intel chip platform for its Mac systems.
However, other much-hyped security trends are unlikely to break out in 2006, including attacks on VOIP (voice-over-IP) systems and on mobile devices, the report said.
In general, enterprises need to be vigilant and watch for low-level attacks, even when no major security threat is dominating headlines, Mackey said. “A lot of this stuff is under everybodys radar. Its a lot more concerning in that regard,” he said.