Software applications, rather than operating systems or web browsers, were the favoured target of cyber attackers last year, although the total number of application vulnerabilities was significantly down compared to 2009, a new report from Microsoft has shown.
Microsoft’s latest Security Intelligence Report found that overall, the industry’s disclosure of vulnerabilities – holes in software that bad guys can exploit – has been declining since 2006. Microsoft attributed this to better development practices and quality control on the part of developers, which it said results in more secure software.
In the third quarter, the number of Java attacks increased to fourteen times the number recorded in the previous quarter, following the discovery of two vulnerabilities in the Java Virtual Machine. These flaws alone accounted for 85pc of the Java exploits detected in the second half of 2010. By the end of the year, Java exploits far outnumbered all other types of exploit, such as those targeting HTML/Script, operating systems, document readers and even Adobe Flash.
Drop-offs in flow of spam
The flow of spam also saw two massive drop-offs last year, in September and December, which Microsoft said were due to the elimination of two sources – the Cutwail Spambot and Rustock. While Cutwail was taken out as part of an operation by security researchers, Rustock re-emerged in January and has begun sending spam again.
Now in its tenth year, Microsoft’s Security Intelligence Report provides in-depth perspectives on software vulnerabilities, exploits, malicious and potentially unwanted software and security breaches in both Microsoft and third-party software.
The full report can be downloaded here.