Lookout, Inc. released the Lookout Mobile Threat Landscape Report
for Q1 2024. According to Lookout data, in the first quarter of 2024,
the number of phishing, malicious, denylisted and offensive links
delivered to Lookout customers' mobile devices tripled compared to Q1
2023. Lookout also saw a massive jump in social engineering and phishing
attempts and attacks targeting multi-factor authentication (MFA)
solutions.
The Lookout Mobile Threat Landscape Report is based on data derived from
the Lookout Security Cloud's ever-growing AI-driven mobile dataset that
analyzes data from more than 220 million devices, 325 million apps and
billions of web items.
Lookout data for Q1 2024 also shows:
-
As of today, more than 20% of iOS users are still using outdated
versions, leaving their devices and data vulnerable to exploits. Lookout
mobile security experts recommend immediately updating to the latest
version to protect against lingering vulnerabilities.
-
Top device misconfigurations include out-of-date OS (37.7%), no device
lock (14.2%), out-of-date Android Security Patch Levels (ASPL) (13.6%)
and non-app store signer (2.2%).
-
The most critical families of mobile malware weighed heavily towards mobile (Android) surveillanceware.
-
The top ten most common mobile app vulnerabilities encountered by
Lookout users in Q1 2024 were all in components of mobile browsers.
Attackers exploit these vulnerabilities using maliciously crafted web
pages delivered via links. Since most mobile devices run Chrome,
Firefox, Safari, or Edge, attackers target these browsers, hoping users
haven't updated to patched versions.
In April 2024, Lookout conducted a survey
among 250 U.S.-based CISOs and cybersecurity leaders that underscores
the growing need for Mobile Threat Defense. An overwhelming 97% of
respondents believe that malicious mobile apps or extensive mobile app
permissions - such as access to contacts, SMS, camera and microphone -
pose a threat to their organization and could result in the leakage of
sensitive data. Within the last six months, 75% of organizations
experienced mobile phishing attempts targeting their employees.
As seen with Scattered Spider attacks against enterprises, employee
accounts were compromised within minutes of the attack's initiation,
followed by immediate internal social engineering via platforms
including Slack, email and Microsoft Teams. Sensitive data was stolen
within the first five minutes of the attack. The Modern Kill Chain, as defined by Lookout, emphasizes that it is crucial to respond to an attack immediately.
"Reflecting on the first quarter of 2024, this report encapsulates our
discoveries, affirming that mobile threats have shifted from the
sidelines to the forefront of contemporary cybersecurity strategies,"
said David Richardson, Vice President of Endpoint and Threat
Intelligence, Lookout. "Organizations must be equipped to respond
swiftly to meet the rapid nature of today's threats. In navigating this
landscape, Lookout is unrivaled in understanding the nuances of mobile
security and how mobile attacks lead to organizations being
compromised."
Mobile Threat Defense Industry Leadership
Backed by a world-class mobile threat intelligence team, Lookout offers a
defense-in-depth approach to cybersecurity that is designed to protect
an organization's data against the Modern Kill Chain. With the largest
database of threat telemetry, Lookout has a deep understanding of mobile
and cloud threats.
The Lookout Security Cloud has identified 450,000,000 phishing and
malicious sites since 2019. In Q1 2024, the total number of sites
blocked by Lookout's Mobile Threat Defense solution, Lookout Mobile Endpoint Security,
surged by 273% compared to Q1 2023. There was an increase of 290% in
the blocking of denylisted and offensive content, alongside a
substantial uptick of 97.8% in preventing enterprise phishing attempts
and malicious web attacks.
Lookout Mobile Endpoint Security is the industry's most advanced Mobile
Threat Defense solution to deliver mobile endpoint detection and
response (Mobile EDR). Lookout provides visibility into mobile threats
and state-sponsored spyware, while also protecting against mobile
phishing and credential theft that can lead to unauthorized access to
sensitive corporate data. Lookout is FedRAMP JAB P-ATO Authorized and
available through CDM DEFEND, trusted by enterprise and government
customers to protect sensitive data, enabling the workforce to connect
freely and safely from any device.
Lookout Threat Lab: Empowering Security Teams with Mobile Threat Intelligence
Lookout collects and analyzes proprietary data points to provide
customer security teams with comprehensive protection capabilities
against mobile cyber attacks. Its advanced threat intelligence and AI
machine learning technology ensure that mobile devices are safeguarded
from the latest threats.