RSS Alerts

Share

More services

Related Links

  • IBM
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Cyberpirates harpoon big fish through whaling
    Cybercriminals are increasingly using “whaling” – a targeted spear phishing attack that goes after “big fish” in an organization – to gain access to critical proprietary data, according to IBM’s X-Force 2011 Mid-Year Trend and Risk Report.
  • Comment: Some Documents Require Fine-Grained, Dynamic Security
    Knowledge workers are increasingly using their abilities to discover patterns where none were previously known: to find connections across disparate sources of data, or to identify suspicious behavior on the basis of anomalies in data streams. Open, flexible access to documents is essential for this process, and there is no way back to a world of siloed information. But, as IBM’s Joshua Fox examines, this very openness increases the risk of exposing sensitive data about an organization or its customers.
  • IBM snaps up Guardium
    IBM has acquired Guardium, a company that sells enterprise database monitoring and security software. The acquisition gives IBM a software product that helps automate security compliance tasks, the companies said.
  • Cryptography breakthrough paves way to secure cloud services
    A research student who had a summer job at IBM, has cracked a cryptography problem that has baffled experts for over 30 years. The breakthrough may pave the way to secure cloud computing services.
  • Learn about resilience and optimization on IBM power systems
    Vision Solution’s explores the data protection, recovery and optimization technologies and strategies for running AIX and IBM i (i5/OS) environments in its white paper State of Resilience & Optimization on IBM Power Systems.

Top 5 Stories

News

IBM X-Force threats and trends report paints a gloomy picture of security

03 October 2011

IBM's latest X-Force security threat trends report claims to show that mobile and critical exploits are soaring, and are expected to – respectively – double and triple during the current year.

According to the mid-year trend and risk report from Big Blue - which takes in analyses of around 12 billion security events tracked each day so far during 2011 - there has been a steady rise in the numbers of personal portable devices being taken into work by staff, along with a steady rise in the disclosure of security vulnerabilities affecting these devices.

As a result of this, IBM recommends that IT teams consistently employ anti-malware and patch management software for phones in enterprise environments.

Delving into the new report reveals that malicious software targeting mobile phones is being distributed through third-party app markets. Mobile phones, says the study, are an increasingly attractive platform for malware developers as the sheer size of the user base is growing rapidly, and there is an easy way to monetize mobile phone infections.

Driving this, IBM says that malware distributors can set up premium texting services that charge users that text to a specific number. Malware then sends text messages to those premium numbers from infected phones.

Some mobile malware, says the report, is designed to collect end user’s personal information - this data could then be used in phishing attacks or for identity theft. Mobile malware, the report adds. is often capable of spying on victim's personal communications as well as monitoring and tracking their physical movements via the GPS capabilities common in these phones.

"For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices", commented Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. "It appears that the wait is over."

Critical vulnerabilities, meanwhile, are being exploited by teams of professional attackers motivated by a desire to collect strategic intelligence have been able to gain and maintain access to critical computer networks through a combination of stealth, sophisticated technical capabilities and careful planning.

These attackers, says Big Blue's report, are often referred to as Advanced Persistent Threats (APTs).

The success of APTs has raised the profile of `whaling' - a type of spear phishing which targets `big fish' or those positioned in high levels of an organization with access to critical data. These targeted attacks are often launched after careful study of a person’s online profiles has armed an attacker with the information needed to create a compelling phishing email that the victim will be fooled into clicking on.

Attacks from hacktivist groups, meanwhile, who target web sites and computer networks for political ends rather than just financial gain, are also on the rise. IBM's report notes that hacktivist groups have been successful in using well known, off-the-shelf attack techniques such as SQL injection, which is one of the most common attack techniques seen in the internet.

According to Cross, the rash of high-profile breaches this year highlights the challenges organizations often face in executing their security strategy.

“Although we understand how to defend against many of these attacks on a technical level, organizations don't always have the cross-company operational practices in place to protect themselves”, he noted.

This article is featured in:
Compliance and Policy  • Data Loss  • Internet and Network Security • Malware and Hardware Security • Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012