As progress has been made to close SQL injection vulnerabilities – the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46% this year – some attackers have now started to target shell command injection vulnerabilities, according to the 'IBM X-Force 2011 Trend and Risk Report'.
The X-Force report is based on intelligence gathered by IBM through its research of public vulnerability disclosures from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily.
Shell command injection vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011, the report found.
“That is now one of the most common attacks we are seeing on the internet....It may be that attackers have glomed onto shell command injection because some of those vulnerabilities are being missed when people are trying to fix SQL injection issues”, observed Tom Cross, manager of threat intelligence and strategy for IBM X-Force.
In addition, IBM observed a large spike in automated password guessing activity directed at secure shell servers (SSH) in the latter half of 2011. “People scan the internet for SSH services...that have bad usernames and passwords. If those things are present, they will be cracked. We saw a big spike in this activity late in 2011”, Cross told Infosecurity.
The IBM report found that phishing came back with a vengeance in the second half of 2011, reaching volumes that have not been seen since 2008. Many of these emails impersonate social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.
“We have seen some interesting new attact trends in the past six months. At the same time, we are seeing some of the positive effects that people are doing to improve the security and resilency of software”, Cross commented
On the good news side, the X-Force report shows progress against a number of security threats. For example, the report indicates a 50% reduction over the past four years in the cross-site scripting vulnerabilities appearing in software applications tested by IBM.
Additionally, the number of unpatched software vulnerabilities is decreasing, with only 36% of software remaining unpatched in 2011, compared to 43% in 2010. This indicates more diligent patching by software vendors.
The report also notes an approximately 50% decline in the global volume of spam email compared to 2010.