The mobile threat landscape continues to grow at an alarming rate as cybercrime groups shift their tactics and target mobile devices in the early stages of their attacks, according to a recent Lookout report.
The report highlights insights behind a 17% quarter-on-quarter (QoQ) increase in enterprise-focused credential theft and phishing attempts, a 32% QoQ increase in malicious app detections, and a trend showing iOS devices are more exposed to phishing attacks than Android devices.
New mobile surveillance tools tied to Chinese and Russian APTs
In a series of novel threat discoveries, researchers have disclosed a number of mobile surveillanceware tools developed by advanced persistent threat (APT) groups based in China and Russia, including Gamaredon and more.
More than 106,000 malicious apps, ranging widely from trojan malware to sophisticated spyware, were detected on enterprise mobile devices.
Globally, mobile phishing and malicious web content have become synonymous with business email compromise (BEC), MFA bypass attacks, executive impersonation, and vulnerability exploitation. These attacks are typically low cost and high reward, and for that reason have become the preferred initial step in the modern kill chain.
The most recent evolution in this threat vector is the use of executive impersonation attacks, which combine an individual’s seniority with a lower-level employee’s innate desire to be helpful to drive higher success rates. By creating a highly urgent situation and relying on lack of familiarity between the executive and the employee, attackers convince employees to share sensitive data, visit phishing pages, or send them money.
Because iOS is more popular for enterprises than Android, Lookout observed iOS targeted by threat actors more often (18.4%) in phishing attacks than Android (11.4%) in Q3 2024. Top device misconfigurations include out-of-date OS, out-of-date Android Security Patch Levels (ASPL), no device lock and no encryption.
Attackers target mobile devices to breach enterprise cloud systems
The most critical families of mobile malware continued to lean heavily towards Android surveillanceware.
The top ten most common mobile browser vulnerabilities encountered by Lookout users affect Chromium-based browsers. Attackers target these vulnerabilities in particular in hopes users haven’t updated to patched versions.
Outside of browser vulnerabilities, the five most common mobile app vulnerabilities were in social media, messaging and authentication apps and app stores.
With the commoditization of advanced malware, evolution of nation-state mobile malware capabilities, and a heavy reliance on mobile-focused social engineering, organizations today must have advanced mobile threat defense as part of their security strategy. Threat actors are increasingly targeting mobile devices to steal credentials and infiltrate the enterprise cloud in a pathway known as the modern kill chain.
“As cyber threats evolve, we’re seeing more and more attacks targeting mobile devices as the gateway to corporate cloud apps that house sensitive data. This trend underscores the urgent need for advanced MTD solutions that not only protect devices but also safeguard the sensitive data and systems they connect to,” said David Richardson, VP of Endpoint, Lookout.
The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud’s AI-driven mobile dataset of more than 220 million devices, 360 million apps and billions of web items.