Malware targeting mobile devices is on the rise and is raising new security concerns for IT departments, according to IBM's X-Force 2011 mid-year trend and risk report.
The study said the bring-your-own-device (BYOD) model, which allows employees to use personal smartphone and tablet devices to access corporate data and applications, has driven an increase in mobile malware threats and critical vulnerabilities. Mobile vulnerabilities are expected to grow at least 15% year-on-year, while mobile exploits are predicted to double compared with 2010.
"For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices. It appears that the wait is over," said Tom Cross, manager of threat intelligence and strategy for IBM X-Force.
IBM advised IT departments to step up their use of anti-malware and patch management software in the face of increasing malware that makes use of mobile premium rate services, such as SMS, and targets personal information.
The report warned that critical vulnerabilities tripled in 2011 compared with 2010 due to "hacktivist" groups, such as LulzSec and Anonymous, using SQL injection attacks, and "whaling" or spear-phishing, whereby senior company executives with access to critical data are targeted. Anonymous proxies have more than quadrupled compared with three years ago.
Despite the rise in malware, the report said web application vulnerabilities fell for the first time in five years in the first half of 2011. The report added that levels of web browser vulnerabilities and of spam had also declined significantly, while traditional attacks on weak passwords and databases were still commonplace.
Recent research from G Data Security Labs found malware for smartphones and tablets was up 273% in the first half of 2011, compared with the same period in 2010.
Regulator PhonepayPlus recently launched a public consultation on its proposed guidance on mobile apps following an "increasing need" to address issues surrounding premium rate texts and other hidden charges in some rogue mobile applications.