Zimperium Reports 187% Rise in Fully Exploited Mobile Devices

Highlights:

• The report emphasizes several significant findings that demonstrate the escalating vulnerability of the mobile landscape.
• Europe, the Middle East, and Africa had the highest percentage of devices affected by spyware, at 35% and 25%, respectively, according to the report.

The rapid adoption of mobile devices and applications has created an expanding attack surface, according to a new report from Zimperium Inc., a provider of a mobile security platform.

The company’s Global Mobile Threat Report 2023 examines mobile-powered businesses’ escalating security challenges and the need for more robust mobile security measures. The report emphasizes several significant findings that demonstrate the escalating vulnerability of the mobile landscape.

43% of compromised devices are now completely exploited, an increase of 187% compared to the previous year. Mobile-targeted phishing attacks are also a developing concern, with 80% of phishing sites now optimized for mobile or compatible with mobile and desktop platforms. According to a recent study, SMS-based phishing attacks are six to ten times more likely to target the average user than email-based attacks.

Europe, the Middle East and Africa had the highest percentage of devices affected by spyware, at 35% and 25%, respectively, according to the report. Android devices experienced a 138% year-over-year increase in vulnerabilities, while Apple Inc. devices accounted for an astounding 80% of all zero-day vulnerabilities actively exploited in the open.

The proliferation of mobile malware was also identified as a cause for concern, with the number of unique mobile malware samples increased by 51% between 2021 and 2022, reaching over 920,000. 14% of mobile applications utilizing cloud storage had insecure configurations, leaving them vulnerable to exploitation due to improper cloud storage configurations.

Shridhar Mittal, CEO at Zimperium, said, “The explosive growth in mobile device and app usage has created an ever-growing attack surface. Mobile-powered businesses must increase mobile security measures to protect the personal data security of employees and the sensitive information belonging to the organization.”

Mika Aalto, co-founder and CEO of enterprise security awareness solutions supplier Hoxhunt Oy, told a leading media house that changing the strategic center of the security stack is one of the most successful tactics for combating mobile phishing attacks.

This “means integrating human threat intelligence with your protect-detect-respond capabilities,” he noted. “A good human risk management platform will help chief information security officers train the workforce as individuals at scale until they instinctively recognize and report phishing attacks.”

According to Aalto, a threat report is the desired conclusion of a phishing attack. “It removes the danger from the system and alerts the security team to the threat,” he explained. “As more threat reports swell the threat feed, make sure you have the security operations center resources and the automation to orchestrate the threat feed data so you can focus on what matters.”