Boston-based cloud security company Lookout has released its Q3 2024 Mobile Threat Landscape Report, revealing that iOS devices are more exposed to phishing and web content threats than Android. Covering the period from July to September 2024, the report highlights the evolving nature of mobile threats, with cybercriminals increasingly targeting mobile devices in the early stages of their attacks. Lookout Threat Lab researchers noted a 17% increase in enterprise credential theft and phishing attempts compared to the previous quarter, as well as a 32% increase in malicious app detections.
One of the most worrying findings of the study is that 19% of enterprise iOS devices experienced at least one mobile phishing attack in each of the first three quarters of 2024, while only 10.9% of Android enterprise devices have been exposed to similar threats. This trend challenges the perception that Apple devices offer superior security. According to Lookout, mobile phishing has become the leading threat vector for businesses, with attackers using increasingly sophisticated techniques to trick users and steal sensitive data.
In addition to phishing threats, Lookout revealed the discovery of two families of mobile surveillance software exploited by advanced persistent threat (APT) groups based in China and Russia. These surveillance tools are capable of extracting sensitive information, monitoring communications, and conducting long-term espionage on targeted individuals and organizations. The company warns that such tools pose a significant risk to businesses and high-profile individuals, particularly in industries such as government, finance and defense.
Phishing and malicious web content:
Globally, mobile phishing and malicious web content have become synonymous with business email compromise (BEC), MFA bypass attacks, executive impersonation, and vulnerability exploitation. These attacks are generally inexpensive and high-reward, and for this reason they have become the preferred initial step in the modern kill chain.
The most recent evolution of this threat vector is the use of executive impersonation attacks, which exploit an individual’s seniority and a lower-level employee’s innate desire to be helpful together. to generate higher success rates. By creating a situation of extreme urgency and leveraging the lack of familiarity between the manager and employee, attackers convince employees to share sensitive data, view phishing pages, or send them emails. money.
Since 2019, Lookout Security Cloud has identified more than 473 million phishing and malicious sites globally, with 13.6 million offensive and disapproved sites blocked in Q3 2024, down from 17.8 million of the second quarter, while 783,000 phishing and malicious web attacks were prevented during the third quarter of 2024. Q3, a notable increase compared to 670,000 in the previous quarter.
The report highlights the importance of proactive mobile security measures as organizations increasingly rely on mobile devices for their daily operations. With the rise of remote working and mobile-first business models, cybercriminals are exploiting vulnerabilities in mobile devices to launch targeted attacks. Lookout experts urge businesses to prioritize mobile threat defense strategies to protect their workforce and critical data.
The findings of Lookout’s report serve as a wake-up call for businesses to address mobile security risks. Businesses that fail to implement comprehensive mobile security measures risk financial losses, data breaches and reputational damage. As mobile threats continue to grow, securing mobile endpoints is no longer an option but an essential part of a modern cybersecurity strategy.
