Distributed Workforce, Content, Content

Millions of New Mobile Malware Strains Blitzed Enterprises in 2021

Shot of an unrecognizable hacker using a cellphone and computer in the dark

Researchers uncovered more than two million new mobile malware samples in the wild last year, Zimperium said in a new report.

Those threats spanned some 10 million mobile devices in at least 214 countries, the Dallas, Texas-based solution provider said in its newly released 2022 Global Mobile Threat Report. Indeed, mobile malware proved in 2021 to be the most prevalent security threat to enterprises, encountered by nearly 25 percent mobile endpoints among Zimperium’s customers worldwide. The 2.3 million new mobile strains Zimperium’s researchers located amount to nearly 36,000 new strains of malware weekly and roughly 5,000 each day.

Zimperium maintains a partner program, including cloud platform providers, value added resellers and distributors and technology partners. The program offers a variety of ways for partners to engage with Zimperium, ranging from managed service models to resale or referral opportunities.

Mobile Malware Research Findings

Here are some additional findings from the research:

  • From 2019 to 2021, Zimperium analyzed more than 500,000 phishing sites and found that the number of mobile-specific phishing websites grew by 50%.
  • Over the course of 2021, 75% of the phishing sites Zimperium analyzed specifically targeted mobile devices.
  • The percentage of phishing sites using HTTPS has grown steadily, from less than 40% in 2019 to nearly 60% in 2021, making it increasingly difficult for users to distinguish these sites from those that are legitimate.
  • In North America, the top tactics used by attackers closely mirrored global averages with 22% of mobile devices encountering malware in 2021, compared to 23% globally. “Man in the middle” attacks were the next most common vector, hitting 13% of devices and matching the global average.
  • In Asia, 26% of mobile devices encountered malicious websites in 2021, making users there more than twice as likely to be targeted by malicious sites than the worldwide average (12%). In addition, at least 1 in 4 mobile enterprise devices encountered at least one phishing attack in 2021.
  • In both Europe and South America, 19% of mobile users encountered network reconnaissance through scans, potentially revealing critical data about their devices, compared to only 12% of devices that encountered scans globally.

Enterprises need to prepare and secure against an ever-changing landscape of threats based on where their employees, apps, and data are in the world, Zimperium said. “Distributed and hybrid workforces, ever-connected devices, high speed 5G connectivity, and increased critical data access from remote locations have spread enterprises worldwide,” said Shridhar Mittal, Zimperium’s chief executive. “This level of mobile connectivity will remain the expectation for workers, customers, and enterprises for decades to come, but today’s cybersecurity was not built to support these environments and attackers know it,” he said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.