The Good: Less Spam

The amount of spam email in 2011 was about half of what was found the year before, according to IBM. Some of that is attributable to the takedown by law enforcement of several spam botnets, such as the Rustock botnet.

When security vulnerabilities are disclosed, exploit code can be released for attackers to download. This allows them to take advantage of the problem and access computers. IBM saw about 30 percent fewer exploits in 2011 than 2010, and gave credit to software developers instituting architectural and procedural changes that made it more difficult for cyber-criminals to exploit vulnerabilities.

Some security vulnerabilities in software are never patched. However, the percentage of unpatched vulnerabilities in 2011 was 36 percent. In 2010, it was 43 percent.

The quality of software is improving, thanks in part to developers using tools and services to analyze, find and fix vulnerabilities. IBM found that cross-site scripting (XSS) vulnerabilities are 50 percent less likely than four years ago to exist in customers’ software. However, these vulnerabilities still appear in 40 percent of the applications IBM scans with its AppScan OnDemand service. That’s too much.

Attackers are adjusting what they do, and the ripe field of mobile computing is one place they’re focusing on. IBM found a 19 percent jump from 2010 to 2011 in the number of publically released exploits that target mobile devices. That is dicey for IT departments as they deal with the growing bring-your-own-device (BYOD) trend in the enterprise.

As social media adoption grows, so has cyber-criminal activity in the space, including a surge of phishing emails posing as social media sites. The issue is made even more dire by the amount of personal and professional information that people are willing to put on these social media sites, according to IBM.

As social media adoption grows, so has cyber-criminal activity in the space, including a surge of phishing emails posing as social media sites. The issue is made even more dire by the amount of personal and professional information that people are willing to put on these social media sites, according to IBM.

Progress has been made in closing SQL injection vulnerabilities: The number in publically maintained Web applications dropped 46 percent in 2011. Now, some attackers are targeting shell command injection vulnerabilities, which allow them to execute commands directly on a Web server. Shell command injection attacks rose almost three times over the course of 2011, IBM found.

Poor passwords and password policies continue to play a role in security breaches. Cyber-criminals are continuing to eye this area with automated attacks that scan the Internet for systems with weak log-in passwords. There was a big jump in the second half of 2011 in password-guessing activity aimed at secure shell servers.

The volume of email attributed to phishing was relatively low in 2010 and the first half of 2011. That changed in the second half of last year, when researchers saw a surge in activity that reached volumes not seen since 2008. Many of the phishing emails impersonate social media sites or mail parcel services. They try to entice users to click on links to Web pages that could infect their PCs with malware. There also is the problem of click fraud, where misleading emails are used to drive traffic to retail Websites, according to IBM.