New Web application vulnerabilities accounted for more than half of all public disclosures and remained to be the leading threat, accounting 55% of all disclosures, while Covert, hidden attack methods also increased in frequency and complexity, according to an IBM report.
The annual X-Force 2010 Mid-Year Trend and Risk Report said that cloud computing and virtualisation were noted as key future security topics for enterprise organisations.
The report said that overall 4,396 new vulnerabilities were discovered in H1 2010, a 36% increase over same period in 2009. Out of these disclosed vulnerabilities, 55% had no vendor-supplied patch at the end of the period.
The report revealed that during H1 2010, organisations were doing more to identify and disclose security vulnerabilities than ever before and this in turn is driving more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them.
In addition, sophisticated attackers are employing covert means to break into networks, including JavaScript obfuscation technique used by all classes of computer criminals to hide their exploits within document files and Web pages.
IBM detected a 52% increase in obfuscated attacks during H1 2010 compared to same period in 2009.
The report also revealed that PDF has also been used by attackers to trick users in new ways and the most significant jump associated with PDF attacks in 2010 occurred in April, when IBM Managed Security Services detected almost 37% more attack activity than the average for the H1 2010.
Phishing volume had decreased by 82% compared to the phishing attacks that were seen at the peak in 2009.
However, financial institutions are the top phishing target, representing about 49% of all phishing emails, while credit cards, governmental organisations, online payment institutions and auctions represent the majority of other targets, the report said.
