IBM Report: Mobile Spam on the Rise, Sun Sets in the West

homerIn the immortal words of Homer Simpson, “D’Oh!” Just when you thought you had things figured out, a new report from IBM states that desktop computers will become the craze and everyone will want one, that everyone in the world will be able to send messages over this new thing called “the Internets”, and that a new pop star named Lady Gaga will take the world by storm. Oh yeah, they also advise us that mobile spam is on the rise. In other words, they’ve stated the blatantly obvious.

Haters of spam and phishing, beware. We’ve got some bad news for you. Really bad news. You’d better be seated for this one. We’ll wait.

[waits]

OK, good. Now that you’re seated, we have some earth-shattering news that will rock you to your socks: mobile spam is on the rise. Now that we’ve said it, we’ll wait while you catch your breath.

[waits]

Better now? Good, because it came as a shock to us, too. ComputerWeekly.com reported this week that IBM has just released its X-Force 2011 Trend and Risk Report, and the news is, well, just as we expected. Now that our sarcasm is expended, let’s take a look at the facts, for IBM does, in fact, put together a pretty sweet report, replete with fancy graphics and yes, some pretty interesting reading.

BYOB or BYOD?

Personally, I prefer BYOB, but IBM’s report focuses on the growing trend of BYOD, or bring your own device. A nifty if not so advantageous upgrade to the bring your parent to school days, BYOD, simply put, is a natural occurrence in a world that’s fascinated by mobile devices, such as smartphones and tablets. The offshoot of people bringing their devices to work, of course, is that they want to connect those devices to the company network, and that’s where the problem lies. According to IBM’s report, as stated by ComputerWorld.com, “Mobile vulnerabilities are expected to grow at least 15% year-on-year, while mobile exploits are predicted to double compared with 2010.”

IBM’s report, it seems, is bringing to bear our greatest fears. “’For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices. It appears that the wait is over,’ said Tom Cross, manager of threat intelligence and strategy for IBM X-Force.” IBM is advising IT departments everywhere to increase their vigilance (and maintain their software) by ensuring that anti-malware software and patches are kept up-to-date. Malware being delivered through SMS and the privacy risks that arise from personal devices that may not be secure are, of course, primary concerns for any network that might be compromised through a wireless connection with the infected devices.

Not So Anonymous Anymore

The report has identified a tripling in the amount of malicious activity between 2010 and 2011. The reason for this massive increase is due in no small part, “to ‘hacktivist’ groups, such as LulzSec and Anonymous, using SQL injection attacks, and ‘whaling’ or spear-phishing, whereby company senior executives with access to critical data are targeted. Anonymous proxies have more than quadrupled compared with three years ago.”

It’s Not all Bad

Even though malware is on the rise, it’s worth noting that the X-Force report found that web application vulnerabilities have decreased for the first time in five years. This can probably be attributed to the rise in more personalized and targeted attacks. ComputerWeekly.com notes that IBM found, “levels of vulnerabilities in web browsers and spam had also declined significantly while traditional attacks on weak passwords and databases were still commonplace.”

I Thought it was the Year of the Rabbit

IBM’s preamble to their analysis is a little chilling in what it predicts, and it should stand as a dire warning to anyone with a vested interest in maintaining security. “An explosion of breaches has opened 2011 with continuing, near daily new reports, marking this year as ‘The Year of the Security Breach.’ These breaches have been notable not just for their frequency, but for the presumed operational competency of many of the victims.” The environment is changing, they go on to state, and in that snippet of knowledge we can begin to understand what’s happening here.

If 2011 is the ‘Year of the Security Breach,’ then what, in God’s name, does 2012 have in store for us? If the victims, as IBM suggests, are atypical targets due to their high levels of ‘operational competency,’ then what’s next?

We’re not in Kansas, anymore, Toto.

Leave a Reply