Is it safe to go mobile? New security threats keep your IT team up at night.

The classic 1978 film, Jaws 2, leveraged one of the famous movie taglines ever: “Just when you thought it was safe to go back in the water…” In the movie trailer, fictional Police Chief Brody famously states, “I think we may have another shark problem.”

How does a decades-old film relate to the concerns of today’s IT managers? Because, just when IT managers began to confidently address many of their Web-based and network-related vulnerabilities, along came a new and complex threat variant designed to feast on their valuable organizational data and keep them up at night: mobile malware. Now, let’s explore significant risks posed by mobile threats, and offer practical solutions to address the risks they pose.

Mobile Threat Landscape

Not so long ago, predictions stated that smartphones and tablets weren’t particularly susceptible to malware and hacking. That hasn’t proven to be the case. Instead, organizations’ growing use of mobile technology has been accompanied by an explosion of malware growth. Case in point: Published reports have indicated that malware aimed at mobile platforms grew 614 percent in the one-year period ending March 2013, nearly 450 percent faster than in the year before.

With the pronounced growth in mobile malware, mobile vulnerabilities currently represent 4 percent of total vulnerability disclosures, up from less than 1 percent in 2009, according to the IBM X-Force 2013 Mid-Year Trend and Risk Report.

In late 2013, IBM partner Arxan Technologies identified and reviewed hacked versions of top iOS and Android apps from third-party sites outside of official Apple and Google app stores. They also reviewed 15 highly-popular free apps for iOS and the same 15 free apps for Android. In addition, 40 popular financial apps were reviewed, with a breakdown of 20 per platform. Arxan’s sample size totaled 230 apps.

To give you a sense of the pervasive nature of mobile risk, Arxan’s research determined that amongst top 100 paid applications:

  • 56% of apps on Apple iOS had been hacked

Amongst popular free applications:

  • 73% on Android had been hacked
  • 53% on Apple iOS had been hacked

Safeguarding Your Organization Against Mobile Threats

How do you balance the increased productivity and flexibility offered by mobile technology against growing security risks associated with mobile’s widespread usage? And, how do you manage the myriad of new security threats that are emerging in the marketplace? In 2012, IBM predicted that mobile computing devices were driving security controls and technology that hadn’t previously existed for traditional endpoint devices. But, how does your organization stay at the forefront of the mobile technology curve?

In order to address the growing market need for improved mobile protection, IBM is announcing two exciting new security solutions:

  • IBM Security Access Manager 8.0 all in-one appliance – powered by X-Force, Trusteer, and QRadar – to protect web and mobile applications from threat and vulnerabilities.
  • IBM Security AppScan 9.0 to help you identify and fix vulnerabilities in mobile source code and make your organization’s applications less susceptible to malware attacks.

The new release permits you to integrate your AppScan and IBM Worklight activities, so you can conveniently expand your overall IBM relationship and enhance security protection. You can read more details about what we are announcing below.

Transaction Security: Release of IBM Security Access Manager 8.0

As organizations expand their business models to delivery via mobile, cloud and social platforms, a powerful access management solution is required to create and enforce session management and context-aware access policies across wide-ranging web and mobile applications. Solutions also need to protect your web and mobile applications from threats and vulnerabilities, through reliable threat protection mechanisms. And, gaining insight into user activity has become a critical requirement for you to effectively protect business assets and achieve your compliance goals.

On February 18th, IBM announced availability of the 8.0 version of Security Access Manager, the“all-in-one” appliance, which includes two modules – IBM Security Access Manager for Web 8.0 and IBM Security Access Manager for Mobile 8.0.

Provided to your organization as a virtual or hardware-based appliance, IBM Security Access Manager protects Web and mobile applications from threats and vulnerabilities through an advanced threat protection mechanism. As such, it enables you to conveniently create and enforce session management, application protection, and context-aware access policies across a wide range of Web and mobile applications. Expanded integration with IBM X-Force Threat Intelligence, IBM QRadar Security Intelligence Platform and Trusteer Mobile SDK help you to expand your end-to-end security capabilities.

Our new solution’s delivered to you in a modular package, so you can deploy it for an initial use-case (for example, traditional Web access management,) and then expand your implementation to other use-cases, such as mobile security.

For a summary of Security Access Manager 8.0’s capabilities, refer to the chart below:

For further details about IBM Security Access Manager 8.0, visit the following: About IBM Security Access Manager for Web.

Application Security Protection: IBM Security AppScan 9.0

IBM® Security AppScan® software enables organizations to assess the security of their applications and achieve regulatory compliance by identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.

At the RSA Conference, IBM announced availability of AppScan 9.0. AppScan 9.0’s enhanced security policy management capabilities permit organizations to identify their highest-risk application vulnerabilities, and prioritize those vulnerabilities for remediation. By remediating vulnerabilities early in the software development cycle, they’re much less expensive to remediate.

Enhanced mobile scanning capabilities in AppScan 9.0 help you to identify and fix vulnerabilities in mobile source code, making your organization’s applications less susceptible to malware attacks. In addition, IBM’s business partnership with Arxan Technologies offers you the ability to further “lockdown” applications against potential attacks.

Lastly, the new release permits you to integrate your AppScan and IBM Worklight activities, so you can conveniently expand your overall IBM relationship and enhance security protection.

For a summary of AppScan 9.0’s capabilities, refer to the chart below:

For further details about AppScan, visit the following: About IBM Security AppScan

To learn how IBM client West Virginia University protected its student data using IBM Security AppScan, consult: How West Virginia University Protects Sensitive Student Data

More from Application Security

Audio-jacking: Using generative AI to distort live audio transactions

7 min read - The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people. We recently published research showcasing how adversaries could hypnotize LLMs to serve nefarious purposes simply…

Mapping attacks on generative AI to business impact

5 min read - In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that technology is trusted and secure must be businesses’ top priority. While generative AI adoption is in its nascent stages, we must establish effective strategies to secure it from the onset. The IBM Institute for Business Value found that despite 64%…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today