The mobile threat landscape continues to grow at an alarming rate as cybercriminal groups shift tactics and target mobile devices at the earliest stages of their attacks, according to a recent report from Lookout.
The report highlights the reasons behind a 17% quarter-over-quarter (QoQ) increase in enterprise credential theft and phishing attempts, a 32% QoQ increase in malicious application detections and a trend showing that iOS devices are more exposed to phishing attacks than Android devices.
New mobile surveillance tools linked to Chinese and Russian APTs
In a series of new threat discoveries, researchers have revealed that a number of mobile surveillance tools were developed by advanced persistent threat (APT) groups based in China and Russia, including Gamaredon.
More than 106,000 malicious applications have been detected on companies’ mobile devices, ranging widely from Trojans to sophisticated spyware.
Globally, mobile phishing and malicious web content have become synonymous with business email compromise (BEC), MFA bypass attacks, executive impersonation, and vulnerability exploitation. These attacks are generally inexpensive and high-reward, and for this reason they have become the preferred initial step in the modern kill chain.
The most recent evolution of this threat vector is the use of executive impersonation attacks, which exploit an individual’s seniority together with a lower-level employee’s innate desire to be helpful to generate higher success rates. By creating a situation of extreme urgency and leveraging the lack of familiarity between the manager and employee, attackers convince employees to share sensitive data, view phishing pages, or send them money.
With iOS more popular with businesses than Android, Lookout observed that iOS was targeted by bad actors more often (18.4%) in phishing attacks than Android (11.4%) in Q3 2024. Top device configuration errors include an outdated operating system, out-of-date Android Security Patch Levels (ASPL), no device lock and no encryption.
Attackers target mobile devices to hack corporate cloud systems
The most critical mobile malware families continued to rely heavily on Android monitoring software.
The ten most common mobile browser vulnerabilities encountered by Lookout users affect Chromium-based browsers. Attackers target these vulnerabilities in particular in the hope that users have not updated to patched versions.
Aside from browser vulnerabilities, the five most common mobile app vulnerabilities were in social networks, messaging and authentication apps, and app stores.
With the commoditization of advanced malware, the evolution of nation-state mobile malware capabilities, and a heavy reliance on mobile-first social engineering, organizations today must have an advanced defense against mobile threats as part of their security strategy. Malicious actors are increasingly targeting mobile devices to steal credentials and infiltrate the enterprise cloud in a route known as the modern kill chain.
“As cyber threats evolve, we are seeing more attacks targeting mobile devices as a gateway to enterprise cloud applications that host sensitive data. This trend highlights the urgent need for advanced MTD solutions that not only protect devices, but also protect the sensitive data and systems they connect to,” said David Richardson, vice president of Endpoint, Lookout.
The Lookout Mobile Threat Landscape report is based on data derived from Lookout Security Cloud’s AI-driven mobile dataset, including more than 220 million devices, 360 million apps, and billions of web elements.