The report takes a look at the major security findings and woes of 2006 and has a guess at the state of affairs for 2007. ISS says that, based on early indicators, a rise in the cleverness of money-grabbing "cyber attacks" is likely, as is an increased focus on browser-based attacks and image-based spam.
2006 was a big year for vulnerabilities, says the ISS XForce R&D team: over 7,000 new vulnerabilities were recorded and analysed by the team in the year, which is about twenty new vulnerabilities each day. That's close to a 40 per cent increase compared to the 2005 ISS report. Worryingly, over 88 per cent of the vulnerabilities last year could be exploited remotely, while 50 per cent gave attackers access to a machine after exploitation.
According to the company, the rise in web browser attacks this year will be partially a result of the recent boom in the "exploits as a service" industry. Dodgy geeks are flogging exploit material much like the channel sales model used by legit corporations, says ISS, encrypting it and selling it to would-be spam distributors for a hefty price.
While these statistics certainly won't provide any webnaughts with a warm feeling in their cockles, ISS says it's not all bad news. Gunter Ollmann, ISS security director, says that "the good news is our research indicates a drop in the percentage of high-impact vulnerabilities" compared to 2005.