Zimperium published its 2022 Global Mobile Threat Report
unveiling new data and comprehensive analysis of the state of mobile
security worldwide. With statistics from Zimperium's global install base
of enterprise clients, novel survey data exposing the mindset and
priorities of enterprise security professionals, and a chronicle of the
most pervasive mobile threats and third-party threat data from 2021,
this report is an extensive assessment of the current state of the
mobile threat landscape.
In 2021, the Zimperium zLabs team
discovered threats impacting 10 million mobile devices in at least 214
countries. Mobile malware was the most prevalent threat, encountered by
nearly 1 in 4 mobile endpoints within Zimperium's global customer base.
Throughout the year, the zLabs team detected 2,034,217 new mobile
malware samples in the wild, equating to an average of nearly 36,000 new
strains of malware a week and over 5,000 a day.
In
addition to the factual data presented within, the report also includes
valuable commentary and analysis from leaders across the security
industry including members of Zimperium's executive team,
representatives from SentinelOne, Ping Identity, and Intertrust, as well
as Malcolm Harkins, the chief security & trust officer at Epiphany
Systems.
"In
two short years, our work environment became way more complex and
sophisticated than it was at the beginning of 2020. Distributed and
hybrid workforces, ever-connected devices, high speed 5G connectivity,
and increased critical data access from remote locations have spread
enterprises worldwide," said Shridhar Mittal, Zimperium's CEO. "This
level of mobile connectivity will remain the expectation for workers,
customers, and enterprises for decades to come, but today's
cybersecurity was not built to support these environments - and
attackers know it. Organizations need to come to terms with how to
effectively secure this new reality, and this research will provide
critical visibility and insights to help get there."
Combining a Mountain of Mobile Threat Data for Full Visibility
Zimperium's
Global Mobile Threat Report combines data from its global install base
of enterprise clients with insights from surveys Zimperium commissioned
through Pulse -
an exclusive community of verified technology decision makers - that
are published publicly in the report for the first time. For additional
context, the report substantiates these novel insights with existing
market data and statements from other public sources to deliver the most
comprehensive account of the current mobile threat landscape and the
increasing threat posed by mobile attacks.
According
to Google, exploited zero-day vulnerabilities used in active attacks
against mobile endpoints skyrocketed in 2021 by 466% year over year. In
addition, new data from Zimperium demonstrates the growing threat posed
by different mobile attack vectors, such as phishing. From 2019 to 2021,
Zimperium analyzed more than 500,000 phishing sites and found that the
number of mobile-specific phishing websites grew by 50%. Further, over
the course of 2021, 75% of the phishing sites Zimperium analyzed
specifically targeted mobile devices.
Over
the past two years, attackers have also exhibited an increasing
sophistication in their methods for executing phishing attacks. For
example, the percentage of phishing sites using HTTPS has grown
steadily, from less than 40% in 2019 to nearly 60% in 2021, making it
increasingly difficult for users to distinguish these sites from those
that are legitimate.
Global Threat Breakdown: Mobile Attack Methods by Region
While
the report provides an extensive, worldwide snapshot of the current
state of mobile threats, it also dissects the data to show differences
in regional environments. This shows how savvy attackers adapt the
tactics they use based on the mobile environment and perceived
vulnerabilities in different regions.
Zimperium
data, inclusive of all threats and risks detected and prevented among
enterprise clients, exposes the pervasiveness of different tactics from
around the globe, giving organizations valuable insight into regional
landscapes.
For example:
- In North America,
the top tactics used by attackers closely mirrored global averages with
22% of mobile devices encountering malware in 2021, compared to 23%
globally. "Man in the middle" attacks were the next most common vector,
hitting 13% of devices and matching the global average.
- In Asia,
26% of mobile devices encountered malicious websites in 2021, making
users there more than twice as likely to be targeted by malicious sites
than the worldwide average (12%). In addition, at least 1 in 4 mobile
enterprise devices encountered at least one phishing attack in 2021.
- In both Europe and South America,
19% of mobile users encountered network reconnaissance through scans,
potentially revealing critical data about their devices, compared to
only 12% of devices that encountered scans globally.
Overall,
the data in Zimperium's 2022 Global Mobile Threat report shows the
diversity in risks, threats, and attacks targeting mobile endpoints on a
global scale. Mobile malware continues to dominate the threat
landscape, acting as the most efficient and effective method to attack,
compromise, and steal from mobile endpoints. Network-based attacks are
also incredibly effective and prominent, taking advantage of the mobile
phone's big differentiator - the ability to always be connected.
With
the rise in remote and distributed workers and customers, enterprises
need to prepare and secure against an ever-changing landscape of threats
based on where their employees, apps, and data are in the world. The
modern attack surface has grown, and threats to enterprises continue to
be prevalent and effective against unsecured devices.
To download a copy of Zimperium's 2022 Global Mobile Threat report, visit
www.zimperium.com/global-mobile-threat-report