Hackers camouflage 100% of Web attacks, IBM researcher says

Hackers now mask virtually every Web browser exploit as part of their normal procedure to evade detection by security software, said IBM's X-Force research team today. By the end of last year, according to Kris Lamb, director of IBM Internet Security Systems' X-Force, nearly 100% of all Web exploits were either self-encrypted or relied on obfuscation techniques to make it difficult for standard intrusion detection and intrusion prevention technologies to identify the attack code.

"In 2006, we saw about 50% of Web exploits obfuscated or encoded," said Lamb, adding that, on average, 80% were camouflaged throughout 2007. "But that jumped to almost 100% by the end of the year."

The reason for the cover-up boost is straightforward, said Lamb. "They're not dumb. They only do what they're forced to do," he explained. "For them to continue to get a high rate of return, they had to understand the protection technologies that were being used. And [security] vendors were doing a pretty good job.

"A lot of network security technologies were doing a good job in 2006, when they shifted from e-mail to Web browser as an [exploit] entry point. Vendors have been keeping up with that trend and building new types of [security] technologies to keep up with technologies extending the browser, like Flash and JavaScript," Lamb continued.


Modern browser vulnerabilities are very easy to obfuscate. Most of the new exploits are using JavaScript, and just like Perl, in JavaScript there is more than one way to do the same thing.

e.g. many IDS systems look for some CLSID, let's say clsid:1122-3344, and new exploits very easily bypass this by string concatenation in JavaScript:


// the CLSID is assembled at run time, so the literal never appears in the page source
var foo = 'clsid:'+'11'+'22'+'-'+'3344';
document.write(foo);

If this wasn't sufficient enough, malware authors are injecting non-printable characters between \x00 - \x20 (as they are ignored in HTML documents).

And last but not least, encode everything in gzip.

Now how many IDS systems would detect this :D

BTW, there is a metasploit module to do all this :)... IOW, everything is served to them on a plate
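As an added example (not code from the article or the commenter), here is a small Python normalizer from the detection side that undoes the three layers the comment lists, gzip, inserted control characters and string concatenation, before applying a CLSID signature. The CLSID value is the comment's placeholder and the page snippet is constructed; the function and pattern names are my own.

```python
import gzip
import re

# Constructed sample: the concatenated CLSID from the comment, with control
# characters (\x00-\x20) and a \xHH escape mixed in, then gzip-compressed.
SIGNATURE = "clsid:1122-3344"   # placeholder CLSID from the comment
PAGE = ("<script>\x01var foo = 'cls'+'id:'+\x02'11'+'22'+'-'+'\\x33344';\n"
        "document.write(foo);\x00</script>")
COMPRESSED = gzip.compress(PAGE.encode())

CONTROL = re.compile(r"[\x00-\x20]+")                 # bytes the comment says are ignored
CONCAT = re.compile(r"""(['"])([^'"]*)\1\+(['"])([^'"]*)\3""")  # 'a'+'b' (same quote type)
HEXESC = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})")  # JS \xHH and \uHHHH


def inflate(raw: bytes) -> str:
    """Undo the gzip layer when the gzip magic bytes are present."""
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return raw.decode("latin-1")   # byte-preserving decode, no decode errors


def normalize(text: str) -> str:
    """Strip control bytes, decode hex escapes, fold adjacent string literals."""
    text = CONTROL.sub("", text)
    text = HEXESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)
    while True:   # each pass folds one pair per run; repeat until stable
        folded = CONCAT.sub(lambda m: m.group(1) + m.group(2) + m.group(4) + m.group(1), text)
        if folded == text:
            return text
        text = folded


def naive_matches(raw: bytes, signature: str = SIGNATURE) -> bool:
    """What a byte-for-byte pattern match sees on the wire: nothing."""
    return signature.encode() in raw


def matches(raw: bytes, signature: str = SIGNATURE) -> bool:
    """Signature check on the normalized page; the signature gets the same treatment."""
    return normalize(signature) in normalize(inflate(raw))


if __name__ == "__main__":
    print("naive:", naive_matches(COMPRESSED), "normalized:", matches(COMPRESSED))
```

Strings that mix quote types or are built through variables and function calls still need a real JavaScript engine to unwind, which is why sandboxed execution replaced this kind of static folding in later products.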
