North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

IBM report reviews Internet crime

  • From: michael.dillon
  • Date: Tue Feb 12 13:57:01 2008


IBM has released a report on Internet crime in 2007 here
<http://www.iss.net/documents/whitepapers/xforce_2007_annual_report.pdf>

Some highlights from the Management summary with my comments in [square
brackets]:

Vulnerabilities
* Although total vulnerability disclosures went down, the number of
reported high
severity vulnerabilities increased by 28 percent in comparison with
2006.
* The busiest day of the week for vulnerability disclosures continued to
be Tuesday,
with 1,361 new vulnerabilities disclosed on this day of the week in
2007.
* Of all the vulnerabilities disclosed in 2007, only 50 percent can be
corrected through
vendor patches. [suggests that ISPs need to be proactive about detecting
and blocking compromised machines]
* Nearly 90 percent of 2007 vulnerabilities could be remotely exploited,
up one
percentage point from 2006.

Web Browser Exploitation
* Most in-the-wild browser exploits are generated by Web exploit
toolkits.
* Critical vulnerabilities for Mozilla Firefox were dramatically lower
in 2007
compared to 2006.
[If you still distribute any kind of software kits that do not install
FireFox, you are doing your customers a disservice and making your
detection and blocking task that much bigger. When you contact customers
with compromised machines you might want to make it mandatory to install
Firefox from your servers before re-enabling Internet access]

Spam and Phishing
* Of the top 20 companies targeted by phishing in 2007, 19 are in the
banking industry
and one conducts recruiting.
[This suggests keywords to look for in incoming email. Also, for local
and regional ISPs, the number of companies in these two industries are
low enough that you may want to consider establishing a direct
relationship with them to configure stricter incoming email filters]

Web Content
* 9 percent of Internet content was classified as unwanted (criminal,
pornography, etc)
as compared to 12.5 percent in 2006.
* The U. S. far outpaces other countries as the primary hosting source
of adult,
socially deviant and criminal content on the Internet, accounting for
roughly 40-48
percent in each content category.
* The U. S. and Germany were the only two countries consistently among
the top three
hosting sources for each type of "unwanted" Internet content monitored
throughout 2007.
[Suggests that NANOG members need to raise the bar considerably to clean
up their own backyard. What do you know about your own Internet peering
partners?]

Malcode
* Trojans represent the largest category of malware in 2007 - 109,246
varieties
account for 26 percent of all malware.
* The most frequently occurring malware on the Internet was
Trojan.Win32.Agent -
26,573 varieties in 2007 account for 24 percent of all Trojans.
* The most common worm in 2007 was Net-Worm.Win32.Allaple with 21,254
varieties. It is a family of polymorphic worm that propagates by
exploiting
Windows(r) vulnerabilities instead of using e-mail.
[This suggests that targetting these specific attack vectors could clean
up a significant amount of the problem and correspondingly recduce your
costs for detection and blocking of compromised machines.]

Make sure to download the report for the complete management summary and
many more details. 

-------------------------------------------------------
Michael Dillon
RadianzNet Capacity Forecast & Plan -- BT Design
66 Prescot St., London, E1 8HG, UK
Mobile: +44 7900 823 672 
Internet: michael.dillon@xxxxxx
Phone: +44 20 7650 9493 Fax: +44 20 7650 9030
http://www.btradianz.com
 
Use the wiki: http://collaborate.intra.bt.com/