Phishing, malware, data breaches: Mobile devices are a moving target

March 18, 2022

Cybercriminals are increasingly leveraging sophisticated cyberattacks that target mobile devices and applications, continuing to improve their tactics and techniques, and the reality is security teams are not well-positioned to contend with today’s mobile security demands, Zimperium research found.

For teams looking to respond to this evolving security threat, the Zimperium 2022 Global Mobile Threat

Report offers key findings:

1. Mobile devices are an increasing focus of cybercriminals.

30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices.
The same year, there was a 466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints.
Further, 75% of the phishing sites analyzed specifically targeted mobile devices.

2. Malware is everywhere.

2,034,217 new malware samples were detected in the wild in 2021.
The Zimperium zLabs team discovered threats affecting more than 10 million devices in 214 countries.

3. Advanced malware keeps resurfacing.

Prominent malware discovered in previous years made a mobile-focused comeback in 2021. For example, Pegasus, the spyware program first detected in 2016, surfaced again in 2021. Attackers targeted more than 50,000 individuals, including journalists, activists, and political leaders. This most recent variant leveraged zero-day exploits to target iOS devices.
In addition, the Joker trojan discovered in 2017 also reappeared in 2021 and specifically targeted Android devices.

4. Vulnerable mobile devices are resulting in incidents.

42% of organizations report that vulnerabilities in mobile devices and web applications have led to a security incident

5. Public cloud misconfigurations are exposing data.

Based on analysis of more than 1.3 million Android and iOS apps, 14% of the apps using public cloud backends had misconfigurations that exposed users’ personal information.

The findings demonstrate that security teams must start to take mobile security seriously, as the number of risks to mobile apps and devices and the corporate assets they connect to are growing every year.

While securing mobile devices is an important first step, to fully secure organizations and their data, security leaders should use mobile risk as one of the many signals that feed security policies for accessing data in cloud, on-prem, and private apps, says Hank Schless, Senior Manager, Security Solutions at Lookout. “The rise in mobile phishing illustrates how attackers are targeting mobile users to gain initial access to corporate data. Being able to secure mobile devices with the same platform used to secure access and data interaction with the cloud, on-prem and private infrastructure is the best way to protect organizations against the modern threat landscape,” Schless says.

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and pressing security challenges facing the industry. Within her role at Security, she works to produce several Special Reports and other stories for the monthly eMagazine, Newswire articles, Web Exclusive features, as well as manage social media, the 5 minutes with series, and the Today’s Cybersecurity Leader and Security enewsletter. She graduated from the University of Illinois at Urbana-Champaign with a bachelor’s in English and Creative Writing.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Security departments have long struggled to bring their real-time voice communications into the present, resorting to communicating with radios, unsecure applications, multiple devices, and Wi-Fi-only solutions.

Poll

Business Travel Security

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Mobile zero-day security vulnerabilities, phishing attacks continue to rise

Phishing, malware, data breaches: Mobile devices are a moving target

Recent Articles by Maria Henriquez

Buffalo mass shooting investigated as racially motivated violent extremism

COBALT MIRAGE conducts ransomware operations in US

Five years after the WannaCry ransomware attack

SolarWinds data breach lawsuit takeaways for CISOs

Former CIA CISO William MacMillan joins Salesforce security team

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Mobile zero-day security vulnerabilities, phishing attacks continue to rise

Phishing, malware, data breaches: Mobile devices are a moving target

Recent Articles by Maria Henriquez

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.