Local Tech Wire

RESEARCH TRIANGLE PARK, N.C. – Security threats reached record levels in the first half of 2010, surging 36 percent higher than a year ago, IBM reported Wednesday.

In its latest , IBM (NYSE: IBM) cited threats as “increasing dramatically.”

Some 4,396 vulnerabilities were tracked, and 55 percent of those still “had no vendor-supplied patch” or fix, IBM added.

"Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future," said Steve Robinson, general manager of

The largest share of threats comes from web applications, which account for 55 percent of disclosed vulnerabilities.

IBM also noted that “covert attacks” this year “increased in complexity hidden within JavaScript and Portable Document Formats (PDFs).”

Security threats declined in 2009 from record levels in 2008.

However, in a positive sign, IBM said efforts to discover and disclose security threats by organizations also were higher “than ever before.” The amount of “phishing” also declined, IBM reported.

“This year’s X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities,” Robinson said. “This underscores the increased focus among our clients to continue looking for security solutions that help them better manage risk and ensure their IT infrastructure is secure by design.”

The new report also raises some caution about "cloud computing" and virtualization.

IBM’s X-Force group has been tracking vulnerabilities since 1997.

IBM’s threat summaries by category:

• Web application vulnerabilities continue to be the largest category of vulnerability disclosures

Web application vulnerabilities have surpassed all other threats to account for 55 percent of all disclosures. While Web application vulnerabilities continue to climb at a steady rate, these figures may only represent the tip of the iceberg of total Web application vulnerabilities that exist, as they do not include custom-developed Web applications which can also introduce vulnerabilities.

• Covert, hidden attack methods grew in frequency and complexity, especially involving JavaScript

Enterprises are fighting increasingly sophisticated attacks on their computer networks, including Advanced Persistent Threats. These sophisticated attackers are employing covert means to break into networks without being detected by traditional security tools. JavaScript obfuscation is a particularly popular technique used by all classes of computer criminals to hide their exploits within document files and Web pages. IBM detected a 52 percent increase in obfuscated attacks during the first half of 2010 versus the same period in 2009.

• PDF exploits continue to soar as attackers trick users in new ways

X-Force started observing widespread use of PDF-based exploits during the first half of 2009. Since then, PDF exploits have captured three of the top five slots for browser exploits used in the wild. The most significant jump associated with PDF attacks in 2010 occurred in April, when IBM Managed Security Services detected almost 37 percent more attack activity than the average for the first half of 2010. This spike coincided with a widespread spam campaign in which malicious PDF attachments were used to spread the Zeus and Pushdo botnets, some of the most insidious threats on the Internet today.

• Phishing activity declined significantly, but financial institutions remain the top target

Phishing volume has fluctuated wildly over the past few years. The first half of 2010 has only seen a fraction of the phishing attacks that were seen at the peak in 2009, a decline of almost 82 percent. Despite this drastic decline, financial institutions are still the number one phishing target, representing about 49 percent of all phishing emails, while credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets.
