Lookout, Inc. released a report showing that mobile phishing exposure surged 161% within the energy industry between the second half of 2020 and the first half of 2021. 


Lookout research indicates that organizations in the energy industry experienced the following between July 1, 2020 and June 30, 2021:


  • 20% of energy employees were exposed to a mobile phishing attack in the first half of 2021, a 161% increase from the second half of 2020.
  • 17.2% of all cyberattacks originating on mobile endpoints targeted energy organizations, making the industry the biggest target of cybercriminals and nation-state-sponsored attackers.
  • The average mobile app threat exposure rate was 7.6% — nearly double the average of all other industries combined.
  • 56% of Android users were exposed to nearly three hundred exploitable vulnerabilities by running out-of-date versions of Android OS.
  • Riskware and vulnerabilities were the cause of 95% of mobile app threats.
  • Regional mobile phishing exposure rates: North America (11.2%), APAC (13.2%) and EMEA (15.8%). 
  • EMEA and APAC employees were 41% and 18% more likely to experience a mobile phishing attack than their North American peers.


The Lookout Energy Industry Threat Report is based on an analysis of data in the Lookout Security Graph. The Graph encompasses telemetry from more than 200 million devices, 150 million apps and detections from the Lookout Secure Web Gateway (SWG) use. Lookout researchers analyzed this information specific to organizations involved in the production and sale of energy, including fuel extraction, manufacturing, refining and distribution.


Energy organizations provide the infrastructure essential for the safety and well-being of society. Recent events such as the Colonial Pipeline breach demonstrate that the energy industry is particularly vulnerable to cyberattacks. Bad actors phish and exploit vulnerabilities in mobile endpoints to circumvent legacy security systems to gain access to the corporate infrastructure, steal sensitive data and extort money.


Securing mobile endpoints that employees use to do their jobs is imperative to protect enterprise data as iOS, Android, and ChromeOS devices are increasingly essential to digital transformation initiatives. Protecting against mobile phishing and app threats enables energy organizations to prevent cyberattackers who want to steal credentials and data or halt operations with ransomware.


“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program,” said Stephen Banda, Senior Manager of Security Solutions at Lookout and the author of the report. “We recommend organizations train employees about the dangers of mobile phishing attacks and have dedicated solutions in place to secure against them. They also need visibility into mobile app and operating system vulnerabilities to safeguard corporate data.” 


“One of the most frightening things about the attacks on the energy industry is the range and sophistication of the bad actors seeking to do damage. On the one hand, the well-resourced bad actor sponsored by a nation-state will be able to launch a well-coordinated large-scale attack to shut down critical infrastructure as part of a more strategic adversarial operation. The attacks exploits of SolarWinds, Microsoft Exchange, and Kaseya of the past year illustrate the potential disruption that these attacks can have when they are well orchestrated by well-funded organizations.”


Download the Lookout Energy Threat Report here