Mobile becomes the preferred route for attacks on enterprises
Mobile threats are no longer an emerging issue, they're here, rapidly evolving, and targeting the devices organizations depend on every day.
As employees use smartphones, laptops, and tablets to access sensitive data and systems, a new report from Zimperium zLabs shows attackers are increasingly exploiting these endpoints through mobile-first strategies that bypass traditional security defenses.
"As organizations globally have embraced mobile to improve both productivity and customer engagement, cybercriminals have taken notice and have transitioned to a mobile-first attack strategy," says Shridhar Mittal, CEO of Zimperium. "In today's hybrid work environment, where 70 percent of organizations support BYOD and actively build mobile apps for both employees and customers, reducing the mobile attack surface requires a comprehensive mobile security strategy covering both mobile devices and mobile applications."
The researchers found a continued surge in mobile phishing (mishing) attacks with SMS/text based phishing (Smishing) now 69.3 percent of all mishing attacks. PDF phishing has also emerged as a new attack method. Notably, the report reveals that vishing (voice-call phishing) and smishing attacks on mobile devices have risen dramatically (28 percent and 22 percent, respectively).
Malware continues to be the weapon of choice of cybercriminals and advanced persistent threats. zLabs observed a 50 percent increase year-on-year in use of Trojans in attacks with new banker trojan families discovered including: Vultur, DroidBot, Errorfather and BlankBot.
The apps downloaded by unsuspecting users can lead to serious consequences if they are not properly assessed for threats, including leakage of sensitive data, as well as trojans for delivering malware, particularly if they have not been downloaded from an official app store. Internally developed mobile apps used by customers, suppliers or employees may still lack basic defenses, leaving them vulnerable to reverse engineering, tampering, and exploitation.
"The research shows that bad actors targeting mobile devices and apps are constantly evolving their tactics, evading detection, often going unnoticed by enterprises," says Kern Smith, vice president, global solutions engineering at Zimperium. "To effectively navigate this evolving mobile threat landscape, enterprises need to have real-time threat visibility and comprehensive protection. Adopting a holistic approach that takes into account the entire mobile ecosystem is vital to stay ahead of bad actors looking to exploit enterprises' sensitive data and operations."
You can get the full report from the Zimperium site.
Image credit: Techa Tungateja/Dreamstime.com