Distributed Workforce, Breach, Content, Content, Security Program Controls/Technologies, Phishing

Cyberattacks Against Mobile Devices Growing Fast

Cropped shot of an unrecognizable businessman standing alone in his home office and texting on his cellphone

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cybercriminals and nation-states, according to a new report by Zimperium, a mobile first security platform provider.

Indeed, some 43% of all compromised devices were fully exploited -- not just jailbroken or rooted -- an increase of 187% year-over-year, Zimperium found in its 2023 Global Mobile Threat Report.

Explosive Growth in Mobile Device Use Fuels Wider Attack Surface

Shridhar Mittal, Zimperium chief executive, said the “explosive growth” in mobile device and app use has created a wider attack surface:

"Mobile devices are integral to the way we work, communicate, navigate, bank and stay informed -- creating new opportunities for malware. Last year's Global Mobile Threat Report revealed that 60% of the endpoints accessing enterprise assets were mobile devices, and this does not seem to be slowing down. Mobile-powered businesses must increase mobile security measures to protect the personal data security of employees and the sensitive information belonging to the organization."

Here are some of the key findings from the study:

  • 80% of phishing sites target mobile devices specifically or are designed to function both on desktop and mobile. Meanwhile, the average user is six to ten times more likely to fall for SMS phishing attacks than email-based attacks.
  • During 2022, Zimperium detected an average of four malicious/phishing links clicked for every device covered with its anti-phishing technology.
  • EMEA and North America have the highest percentage of devices being impacted by spyware, with EMEA at 35% and North America at 25%.
  • There was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild.
  • Between 2021 and 2022, the total number of unique mobile malware samples rose 51%, with more than 920,000 samples detected, including Dirty RatMilad, MoneyMonger and Dark Herring.
  • In 2021, Zimperium detected malware on 1 out of 50 Android devices. It increased significantly in 2022 to 1 out of every 20 devices.
  • ±2% of all iOS and ±10% of all Android mobile apps accessed insecure cloud instances.

Balancing Mobile Opportunities with Cyber Risks

The fundamental question that today’s organizations face is how to capitalize on the “opportunities of being mobile-powered” without exposing themselves to more risk, said Jon Paterson, Zimperium chief technology officer:

"To thrive, it is critical that they employ a mobile-first security strategy–one where they continually prioritize and assess risk as close to the user and device as possible, and baseline and continuously assess vulnerability posture to operate in a known state with complete visibility. They must take responsive action on risk detection: leverage zero trust and conditional access workflows, leverage XDR and autonomous, 3rd party integrations and ensure they assess and stay updated on global privacy regulations and the risks that affect apps they develop and use."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.