Threats to mobile devices triple over the last year
Almost three times as many phishing, malicious, deny-listed, and offensive links have been delivered to mobile devices than a year ago, according to a new report from Lookout.
The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud that analyzes data from more than 220 million devices, 325 million apps and billions of web items.
Among the report's findings are that more than 20 percent of iOS users are still using outdated versions, leaving their devices and data vulnerable to exploits. Top device misconfigurations across all devices include out-of-date OS (37.7 percent), no device lock (14.2 percent), out-of-date Android Security Patch Levels (ASPL) (13.6 percent) and non-app store signer (2.2 percent).
The top ten most common mobile app vulnerabilities encountered by users in Q1 2024 are all in components of mobile browsers. Attackers exploit these vulnerabilities using maliciously crafted web pages delivered via links. Since most mobile devices run Chrome, Firefox, Safari, or Edge, attackers target these browsers, hoping users haven't updated to patched versions.
"Reflecting on the first quarter of 2024, this report encapsulates our discoveries, affirming that mobile threats have shifted from the sidelines to the forefront of contemporary cybersecurity strategies," says David Richardson, vice president of endpoint and threat intelligence at Lookout. "Organizations must be equipped to respond swiftly to meet the rapid nature of today's threats. In navigating this landscape, Lookout is unrivaled in understanding the nuances of mobile security and how mobile attacks lead to organizations being compromised."
In April of this Lookout conducted a survey among 250 US-based CISOs and cybersecurity leaders which found 97 percent of respondents believe that malicious mobile apps or extensive mobile app permissions -- such as access to contacts, SMS, camera and microphone -- pose a threat to their organization and could result in the leakage of sensitive data. In the last six months 75 percent of organizations experienced mobile phishing attempts targeting their employees.
The full report is available from the Lookout site.
Image credit: Sasinparaksa/Dreamstime.com