India Responsible For Nearly 16% Of All Spam, Shows IBM X-Force Report

By Alexandra Burlacu | Dec 17, 2012 09:25 AM EST

Previous image Enlarge Close Next image

Share This Story

IBM has released its X-Force 2012 Mid-Year Trend and Risk Report, and results show that India has been sending out roughly 16 percent of all spam.

The report attributed the increase in spam to the 25 percent growth in Internet users in India over the past 12 months. The findings also mark the first time that a single country accounted for 16 percent of all spam. The U.S. held the previous record, accounting for 15 percent of all spam in 2007.

IBM's report also points to a dramatic increase in browser-related exploits, growing concerns regarding social media password security, as well as renewed challenges in mobile devices and corporate "bring your own device" (BYOD) to work practices.

"Today's security risks are fundamentally different; businesses have to be proactive about security, anticipating the kinds of risks that expanding the business or opening up operations to more clients and partners will create," said Vaidyanathan Iyer, country manager for Security, Software Group, IBM ISA.

"As clients strive to expand globally, achieve compliance and meet other information technology goals without adding resources, the IBM infrastructure, experience and expertise, coupled with the ability to manage multiple products from various security vendors, can help maximize existing security investments."

When it comes to emerging trends in mobile security, the report states that despite instances of exotic mobile malware, premium SMS scams still pose the greatest risk to most smartphone users. Such texting scams typically work by sending SMS messages to premium phone numbers in various countries, using installed applications. An app may look legitimate in an app store, but have malicious intent, it can be a clone of a real app with a different name and malicious code, or it can be a real app infected with malicious code and usually presented in an alternative app store.

Meanwhile, the pervasiveness of BYOD programs in the corporate environment is a game-changing transformation, notes the report. Many companies are still in the early stages of BYOD adoption, but allowing employees to connect their personal laptops or smartphones to the company network requires a clear policy and strong security measures.

The connection between Web sites, cloud-based services, and Webmail may provide a seamless experience from one device to another, but users should be careful about how they connect their accounts, how secure is their password, and what private data they are providing for password recovery or account resetting. The report advises users to employ lengthy passwords comprised of multiple words rather than a combination of characters, numbers and symbols.

When it comes to the server side, IBM's report recommends using a hash function that is suitable for password storage to encrypt passwords to the database. The hash function should reportedly be tough to calculate, thus limiting the effectiveness of potential attacks.

On the upside, the report does mention continued progress in certain areas of Internet security. IMB X-Force data shows a continuing decline in exploit releases, notable improvements from the top 10 vendors in patching vulnerabilities, and a considerable decrease in PDF vulnerabilities. According to IBM, this decrease is directly related to the new sandboxing technology the Adobe Reader X provides.

IBM makes its bi-annual X-Force report based on data from its security operations centers which monitor more than 15 billion security events per day, on behalf of roughly 4,000 clients in more than 130 countries.