Large organizations (companies or agencies with more than 200 iOS or Android mobile devices) are almost guaranteed to have at least one malware-infected device, according to a new report.

The Skycure Mobile Threat Intelligence Report also found that four percent of all mobile devices have malware installed, regardless of whether they are managed by an enterprise or an individual.

“Malware absolutely exists on enterprise mobile devices and standardizing on iOS doesn’t make you safe,” said Yair Amit, CTO of Skycure. “Unlike the nuisance malware of the past that targeted only consumers, today’s malware is smarter, and often more focused on businesses. We have seen recent attacks that have been specifically designed to circumvent two-factor authentication. Smartphones make excellent reconnaissance tools because they are able to track a user’s conversations and movements twenty-four seven. That means malware can target specific individuals for access to valuable personal and corporate information.”

Enterprises today are still struggling to manage mobile devices within their workforce, the report said. Keeping devices secure while still allowing them access to corporate systems is a complicated problem, especially with many workers using their own devices to connect to enterprise applications and documents. Malware can be difficult to pinpoint in an enterprise managing hundreds or thousands of devices, each installed with hundreds of apps.

The report found the following by studying malware in the enterprise:

• Three percent of all enterprise iOS devices have malware installed, and nearly twice as many (5.7 percent) of all enterprise Android devices are infected
• Android devices have a greater variety of malware. Total Android malware consists of 76 percent unique varieties, while only 22 percent of all installed iOS malware was unique.
• On average, enterprises have more than three unique varieties of malware. The study analyzed an average of more than 290 apps per device.
• The report found the worst time of day to install apps is the hour from 9:00-10:00 am ET. That hour is as much as 10 times the rate of other hours during the day.
• Mobile ransomware continues to increase, with screen-lock ransomware as the most prevalent. However, crypto-ransomware, where content is unrecoverable even if the user is able to access their files, is growing in popularity.

The report found that nearly one in five (19 percent) enterprise Android devices still allows app installation from third-party stores, despite a system-level setting to turn off this feature. According to the study, this is a problem because third-party app stores are much more likely to deliver malware. The report ranked the Google Play store the safest place to get Android apps. Users are nearly twice as likely to download malware from the Samsung store, more than 12 times more likely to find malware at the Amazon store, and more than 72 times more likely to be infected at the Aptoid store.

While the report focuses on malware, it notes that malware is only one of the mobile threats facing enterprises. In fact, the report found that network incidents happen five times more often than malware incidents. Of all the incidents detected, 70 percent were network-based compared to 13 percent malware-based. Diving deeper into the network incidents, the study found the largest number of threats from SSL Man in the Middle attacks, which intercept a communication between two systems. The second largest threat came from content manipulation attacks, in which hackers alters data to cause a victim to perform desired actions through a manipulated interface or in a third-party system.

Nearly one in every three enterprise mobile devices are medium-to-high risk according to the Skycure Mobile Threat Risk Score. Two in every hundred are high risk--meaning they’ve already been compromised or are currently under attack. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.

https://www.skycure.com/blog/2016q1-threat-report