A report from HP identifies the greatest risks facing the security industry this year, including ambiguous hacktivist motivations, a MarketWire press release says.
The 2011 Top Cyber Security Risks Report identified the growing sophistication and severity of security attacks and the resulting risks, aiming to provide information to help enterprises and governments understand the thread landscape and assess their security posture, the release says.
The report indicated that hacker motivations are continuously changing due to the influx of hacktivist groups such as Anonymous and LulzSec. Also, advances in hacking attack techniques have led to increased "success" rates of security breaches.
Some key findings from the report include:
- Although vulnerability reports have declined, attacks have more than doubled in the second half of 2011.
- Nearly 24 percent of new vulnerabilities disclosed in commercial applications in 2011 have a severity rating of 8 to 10.These vulnerabilities can result in remote code execution, the most dangerous type of attack.
- Roughly 36 percent of all vulnerabilities are in commercial Web applications.
- 86 percent of Web applications are vulnerable to an injection attack.
- Web exploit toolkits are still popular in 2011 due to a high success rate. These "packaged" attack frameworks are traded or sold online. The Blackhole Exploit Kit is most used by cybercriminals, and it has an unusually high infection rate of more than 80 percent by late November 2011.