Mobile users face more frequent attacks from cybercriminals who exploit weaknesses in applications, services and use SMS phishing tactics. This is according to the 2023 "Global Mobile Threat Report" from Zimperium, a mobile security firm.
- Mobile devices are increasingly becoming targets of phishing attacks. In fact, 80% of phishing sites are either specifically designed for mobile devices or can function on both desktop and mobile devices. Shockingly, SMS phishing attacks are six to ten times more likely to be successful than email-based attacks.
- During 2022, Zimperium's anti-phishing technology detected an average of four malicious or phishing links clicked for every device it covered.
- Apple and Android devices both saw an increase in detected vulnerabilities. In 2022, a 138% increase in critical Android vulnerabilities was discovered, while Apple iOS accounted for 80% of the zero-day vulnerabilities being actively exploited.
- Malware continues to spread rapidly. The total number of unique mobile malware samples rose by 51% between 2021 and 2022, with over 920,000 samples detected.
- In 2021, Zimperium found malware on 1 out of 50 Android devices, but in 2022, that number increased significantly to 1 out of every 20 devices.
- Insecure cloud storage configurations in mobile apps are a leading attack surface. Research shows that approximately 2% of all iOS and 10% of all Android mobile apps access insecure cloud instances.
- A significant percentage of application samples submitted to public repositories (23% for Android and 24% for iOS) were found to be malicious. As a result, the number of compromised devices nearly tripled (up 187%) during the time period because these tactics are proving to be effective.
Why should you care?
- As mobile evolves into our primarily used devices, they become lucrative to attackers more than ever.
- Android devices are harder to keep secure due to the proliferation of brands and versions and, in many instances, reliance on OEM manufacturers for patching.
- SMS attacks continue to evolve and, over time, will dominate. Malicious websites can detect the endpoint device, brisk it for possible vulnerabilities or weaknesses, and deliver a targeted attack against a specific device.
- Lack of adequately secured configuration of the devices and associated cloud services can lead to compromise and data theft.
- Treat the security of your mobile device as you would treat your bank account. In the end, it is an entry point into our bank account for many of us.
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------