IBM X-Force reports drop in browser flaws and spam

IBM has reported drops in spam and web browser vulnerabilities in a rare bit of good news for the security market.

The company's latest X-Force Trend and Risk Report logged a decrease in serious vulnerabilities in web browsers, which can be exploited for remote attacks and malware installation.

IBM also found that increased efforts to track and dismantle botnets are helping to reduce spam and phishing scams.

"There have been some improvements in the security of the software we are using and in the amount of spam and phishing activity," Tom Cross, IBM X-Force threat intelligence and strategy manager, told V3.

"We are used to seeing bad news all the time, so to see some statistics that show signs of progress gives us some hope to press on."

The news wasn't all good for end users and administrators, however. IBM noted an increase in data breaches and attacks on web applications.

The increase in high-profile breaches and hacktivist attacks such as the recent campaigns from LulzSec and Anonymous exposed glaring weaknesses in many servers and web applications. Even if hacktivist activity cools down, Cross warned that systems are still prone to financially motivated attacks.

The report also reported that levels of mobile malware have climbed significantly, suggesting that malware writers have moved from proof-of-concept code and flaw detection to actively targeting systems with malware operations.

"For years we have been wondering when we are going to see malware targeting mobile devices, and the wait is more or less over," Cross said.

"We are now seeing a lot of malware and the number of vulnerabilities and exploit code has continued to increase."