Mobile Cyber-Attacks to Double By End of 2011

Mobile threats have exploded this year, and researchers believe the number of mobile device exploits will double by the end of the year, according to the latest IBM report.

The number of known mobile operating system vulnerabilities will increase only incrementally from 2010 to 2011, but the number of exploits based on those flaws is expected to double from 2010 to 2011, IBM's X-Force research group wrote in the IBM Mid-Year X-Force report released Sept. 29. The growth is actually less than what happened from 2009 to 2010, when the number of bugs doubled and the number of exploits jumped 400 percent, IBM said.

Of the 24 mobile operating system vulnerabilities seen in the first half of 2011, at least half involved easy-to-exploit security holes that allowed attackers to launch arbitrary code execution attacks on the target device. Almost all of the flaws involved client software remote code execution vulnerabilities that exposed users to drive-by-download attacks from malicious Websites, the report found.

"For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices," said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force, before adding, "It appears that the wait is over."

Malware distributors are setting up premium texting services that charge users exorbitant rates to send SMS messages to that number. Other criminals are collecting the victims' personal information from infected devices which are then used in phishing attacks or identity theft, according to IBM X-Force.

IBM's X-Force researchers examined attack trends for the first half of 2011. The report is based on intelligence gathered through IBM's research of public vulnerability disclosures and the analysis of an average of 12 billion security events collected daily since the beginning of 2011, IBM said.

Malware authors are getting more sophisticated in their craft, but the threats are also coming from the users who increasingly bring their own smartphones and tablets into the enterprise but don't run any security tools to protect the devices. Developers aren't properly securing their applications and data is being leaked left and right. Finally, many security vulnerabilities remain unpatched on the mobile device because carriers aren't pushing out updates to their customers in a timely manner or it's too difficult a process to install the patch.

comments dic