Qualys today announced the release of the second annual “Top Cyber Security Risks Report,” featuring new data from HP TippingPoint DVLabs, SANS Institute and Qualys Research Labs, plus a “deep dive” analysis of PDF attacks, one of the fastest-growing classes of exploits now in play.
Qualys's data on patching status for vulnerabilities alone is derived from more than 13 million scans each week.
The report contains no major surprises; rather, it thoroughly documents many of the trends that have been cited in the technical press over the past two years.
• Enterprise computing is becoming increasingly “consumerized.” Some of the most serious security issues this year have stemmed from increased use of consumer technologies in the enterprise, including downloads of applications and use of social media tools on company computers.
• Attacks on web applications have substantially increased, while conventional attacks against operating systems continue to decline. One exception to this decline is the rise of cross-site request forgeries.
• Servers are by far the preferred targets of attack. Attacks against servers outnumber those against clients 50 to 1.
• Legacy threats linger. Well-known and documented malware such as SQL Slammer is still prevalent.
• The number of unpatched vulnerabilities has increased dramatically, and now often runs into the hundreds per product.
In addition to statistics and summaries of trends, the report also contains an in-depth analysis of a PDF attack, down to the level of the code itself.
The complete 2010 “Top Cyber Security Risks Report” is available at http://dvlabs.tippingpoint.com/toprisks2010