Businesses are putting their customers at risk due to lax
security, according to IBM's annual 2008 X-Force Trend and Risk
report.

X-Force found that corporations were unwittingly putting their
own customers at risk for cyber-criminal activity. With the
increase in attacks using legitimate business sites as launching
pads for attacks against consumers, cyber-criminals are literally
turning businesses against their own customers in the ongoing
effort to steal consumers' personal data, X-Force said.

Kris Lamb, senior operations manager at X-Force Research and
Development for IBM Internet Security Systems, said hackers were
using large-scale, automated SQL injection attacks, a trend that
began in 2008 and has continued unabated. By the end of 2008, the
volume of attacks jumped to 30 times the number of attacks
initially seen this summer, he noted.

"This is one of the oldest forms of mass attack still in
existence today. It is staggering that we still see SQL injection
attacks in widespread use without adequate patching almost 10 years
after they were first disclosed. Cyber-criminals target businesses
because they provide an easy target to launch attacks against
anyone that visits the web."

X-Force noticed that attacks using ActiveX and downloadable
content, such as movies and Acrobat files, have also increased.
According to X-Force, hackers are now using malicious movies (for
example, Flash) and documents (for example, PDFs). In the fourth
quarter of 2008, X-Force traced 50% more malicious URLs hosting
exploits than were found in the whole of 2007.