IBM on Wednesday reported that the number of discovered cracks that hackers could exploit in computer software surged in the first half of the year.

The number of new "vulnerabilities" documented by an X-Force Research and Development team at IBM increased 36 percent to 4,396 from the same period last year and more than half lacked patches to fix the flaws.

"This year's X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities," said IBM Security Solutions general manager Steve Robinson.

"Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future."

Software weaknesses were most abundant in Web applications, programs accessed in browsers on the Internet, according to the team. Web application vulnerabilities accounted for 55 percent of the disclosures.

"These figures may only represent the tip of the iceberg of total Web application vulnerabilities that exist, as they do not include custom-developed Web applications," X-Force said in a report of the findings.

Covert cyber attack tactics on business computers grew in frequency and complexity, according to X-Force.

Hacker attacks using booby-trapped document files "continue to soar" as cyber crooks find new ways to trick users, the report warned.

In a bit of encouraging news, the number of "phishing" attacks in which hackers use email messages to try to dupe people into visiting bogus websites or opening tainted files plunged 82 percent, according to X-Force.

"Despite this drastic decline, financial institutions are still the number one phishing target," the team concluded.

"Credit cards, governmental organizations, online payment institutions and auctions represent the majority of other targets."

earlier related report
Worst cyber attack on US military came via flash drive:US
Washington (AFP) Aug 25, 2010 - The most serious cyber attack on the US military's networks came from a tainted flash drive in 2008, forcing the Pentagon to review its digital security, a top US defense official said Wednesday.

The thumb drive, which was inserted in a military laptop in the Mideast, contained malicious code that "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," Deputy Defense Secretary William Lynn wrote in the journal Foreign Affairs.

The code was placed on the drive by "a foreign intelligence agency," Lynn wrote.

"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."

Previous media reports speculated that the attack may have originated from Russia.

The Pentagon had never openly discussed the incident, but Lynn chose to reveal the details of the attack as officials try to raise public awareness of the growing threat posed to government computer networks.

The incident served as a wake-up for the Pentagon and prompted major changes in how the department handled digital threats, including the formation of a new cyber military command, Lynn said.

After the 2008 assault, the Pentagon banned its work force from using flash drives, but recently eased the prohibition.

Since the attack, the military has developed methods to uncover intruders inside its network, or so-called "active defense systems," according to Lynn.

But he added that drafting rules of engagement for defending against cyber attack was "not easy," as the laws of war were written before the advent of a digital battlefield.