Online attacks are growing and evading detection, says IBM

That’s the verdict from IBM’s Internet Security Systems (ISS) X-Force research and development team, comparing year-on-year numbers. Its security statistics report for the first half of 2007 apparently identifies and analyses more than 210,000 new malware samples which already exceeds the total number observed for all of 2006. Most important, though, X-Force says that the ‘exploits as a service’ industry is thriving this year. Last year, it indicated that managed exploit providers had begun to buy exploit code from the underground, encrypt it so that it could not be pirated, and then sell it to spam distributors. This year, says the report, exploit providers have added a new practice of exploit leasing – meaning that attackers can now test techniques with a smaller initial investment, in turn making the underground market even more attractive. According to IBM’s report, Trojans make up the majority of malware so far in 2007 (accounting for 28% of all malwareas opposed to 2006’s top concern, which was Downloaders – low profile malware that installs itself so that it can later download and install a more sophisticated malware agent. “The X-Force security statistics report for 2006 predicted a continued rise in the sophistication of targeted, profit-motivated cyber attacks,” says Kris Lamb, director of X-Force for IBM ISS. “This correlates to the rise in popularity of Trojans that we are witnessing this year, as Trojans are often used by attackers to launch sustained, targeted attacks.” He also points to the use of web exploit obfuscation, which continues to rise, making it difficult for signature-based intrusion detection and prevention products to detect attacks. In 2006, around 50% of web sites hosting exploit material designed to infect browsers were camouflaging their attacks – now it’s 80%.