Mobile Security Exploits to Double in 2011, Says IBM X-Force Report

IBM researchers are predicting 2011 will see twice as many mobile exploits as 2010.

In a new report, IBM’s X-Force team declares the consumerization of IT – epitomized by the “Bring Your Own Device” approach becoming commonplace among companies – is raising security concerns due to the steady rise in security vulnerabilities and malware affecting these devices. Their declaration echoes findings from Damballa, which noted a significant increase in the number of Android devices infected with malware during the first half of the year.

“For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force, in a statement. “It appears that the wait is over.”

According to the report, mobile malware is typically delivered through third-party app stores. However, infected applications have also been found on peer-to-peer networks, hosted on Websites and even on Usenet.

“These off-market applications are usually targeted at people looking for pirated versions of commercial Android applications,” the report’s authors wrote.

While the report noted the increase in mobile threats, the researchers also found that the first half of 2011 saw a decrease in Web application vulnerabilities, which dropped from 49 percent of all vulnerability disclosures down to 37 percent. This is the first time in five years X-Force reported seeing a decrease. In addition, high and critical vulnerabilities in web browsers were also at their lowest point since 2007.

IBM researchers tested almost 700 web sites, drawn from the Fortune 500 and other most popular sites, and discovered that 40 percent of these contain client-side JavaScript vulnerabilities. Meanwhile, the success of advanced persistent threats (APTs) raised the profile of “whaling” – spear phishing targeting large organizations, the researchers said.

“The rash of high-profile breaches this year highlights the challenges organizations often face in executing their security strategy,” Cross said. “Although we understand how to defend against many of these attacks on a technical level, organizations don’t always have the cross-company operational practices in place to protect themselves.”

In related news, IBM also said that it is launching the Institute for Advanced Security in Asia Pacific, in order to combat growing security threats in the region. The IBM Mid-Year X-Force report states that top countries originating spam have shifted to Asia Pacific, with India sending out roughly 10 percent of all spam registered today, and South Korea and Indonesia also making the top five list. This Institute joins IBM Institutes in Brussels, Belgium and Washington, D.C.

The full X-Force Report is available here. (PDF Download)

Related Reading: Attacks on Mobile and Embedded Systems: Current Trends
