Businesses, beware of spam
India remains the top country for distributing spam, dominating the top of the list and setting an all-time record by sending out roughly 16 per cent of all spam registered today, states IBM's "X-Force 2012 Mid-Year Trend and Risk Report."
Over the past year, the number of Indian Internet users has grown by 25 per cent, which has contributed to the increase in spam. Before India, the United States held the record, with around 15 per cent in 2007. This is the first time that any country has accounted for 16 per cent of all spam. The report also finds a significant increase in browser-related exploits, renewed concerns around social media password security and continued challenges in mobile devices.
The data for the bi-annual X-Force report comes from IBM's security operations centers which monitor more than 15 billion security events a day on behalf of approximately 4,000 clients in more than 130 countries.
Increasing security concerns
In an ideal world, everyone would use a random password for every website they log into. There is a wide variety of tools that make this a reality for those willing to use them. As companies and individuals strive to keep pace with ever-expanding businesses and try to go global, security investments should be one of their core concerns. With security risks increasing, businesses have to be proactive about security.
The report mentions the emerging trends in mobile security and states that while there are instances of exotic mobile malware, most smartphone users are still most at risk of premium SMS (short message service, or texting) scams. These scams work by sending SMS messages to premium phone numbers in a variety of different countries automatically from installed applications. There are multiple scam infection approaches for this. First, an application that looks legitimate in an app store but only has malicious intent. Second, an application that is a clone of a real application with a different name and has some malicious code. Third, a real application that has been wrapped by malicious code and typically presented in an alternative app store.
While the connection between websites, cloud-based services, and Webmail provides for a seamless experience from device to device, users should be cautious about how these accounts are connected, the security of their password, and what private data has been provided for password recovery or account resetting. The report recommends the use of a lengthy password composed of multiple words instead of an awkward combination of characters, numbers and symbols.
On the server side, the report recommends storing passwords in the database using a hash function that is suitable for password storage. The hash function should be computationally expensive to calculate, which helps limit the effectiveness of attacks.
Rules and regulations vs the real world
No matter how strict corporate security policies are regarding passwords, users most often do the bare minimum needed to be compliant. It is human nature: if we do not understand the reason behind something, we are less likely to follow through. The report suggests that companies take the time to educate users on how easily an attacker could ruin their personal finances; users may then develop a much greater sense of care about their passwords.
On the positive side, the report stated that there continues to be progress in certain areas of Internet security. IBM X-Force data reports a continuing decline in exploit releases, improvements from the top ten vendors on patching vulnerabilities and a significant decrease in the area of portable document format (PDF) vulnerabilities. IBM believes that this area of improvement is directly related to the new technology of sandboxing provided by the Adobe Reader X release.