IBM X-Force reports that mobile threats are increasing

Share this article:

Mobile device vulnerabilities are at the forefront of cyber criminal trends, according to the annual "IBM X-Force Trend and Risk Report" (PDF) released on Thursday.

The study examined public vulnerability disclosures from more than 4,000 clients in 2011. Although progress against cyber security threats are evident, according to the findings, attackers have adapted quickly to the seemingly ubiquitous reliance on mobile devices. As a result, these tools are fast becoming a new, major target.

“New technologies are constantly being created that produce new challenges for IT security professionals.”

– Tom Cross, manager of threat intelligence and strategy for IBM X-Force

“We're starting to see real attack activity,” Tom Cross, manager of threat intelligence and strategy for IBM X-Force and co-author of the report, told SCMagazine.com on Thursday. “It's not nearly as prevalent as attacks against traditional workstations, but it's growing and it's a problem that people need to start taking seriously.”

According to the report, which examined the increase in malware related to mobile devices in 2011, many enterprises have been implementing bring-your-own-device security programs. However,  many CISOs continue to say “no,” rather than “how.”

In a majority of the mobile malware cases studied, infections were delivered to devices via what are considered “legitimate application stores” associated with mobile platforms.

“Most of these attacks really require social engineering to some degree,” Ciaran Bradley, vice president of handset security products at Adaptive Mobile, a Dublin, Ireland-based mobile security firm, told SCMagazine.com on Monday. “There are a limited number of ways you can get malware onto your device.”

In addition to mobile devices, the study revealed that social media networks and cloud computing also are becoming areas of focus for modern-day miscreants. In all of these areas, the report found that the industry is still in a somewhat novice state regarding security efforts.

“Security is challenging because the environment is constantly changing,” Cross said. “New technologies are constantly being created that produce new challenges for IT security professionals.”

Although the X-Force study highlighted cyber swindler trends, it also showed that progress was made against security threats, including a 50 percent decline in the last four years in cross-site scripting vulnerabilities, a 30 percent decrease in the availability of exploit code, and an overall decline in spam. As well, it revealed more diligent patching being executed by software vendors.

When it comes to overall industry collaboration efforts, Cross said that having information regarding how a breach occurred is valuable to business decision-makers in charge of security, as it lets them know what work to prioritize.

“There are many breaches that are still not disclosed, but disclosure is becoming more commonplace,” he said.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.