Lookout, Inc. released the
Lookout Mobile Threat Landscape Report
for Q2 2024. The report highlights insights behind a 70% YOY increase
in mobile phishing and malicious web content, dissects a new mobile
surveillanceware family and notes a significant increase in attacks that
enable root access to iOS devices. Lookout data also shows that even if
an organization manages employee devices with only a Mobile Device
Management (MDM) solution, those employees are just as likely to
encounter a phishing attack as organizations that don't use MDM.
The Lookout Mobile Threat Landscape Report is based on data derived from
the Lookout Security Cloud's ever-growing AI-driven mobile dataset of
more than 220 million devices, 325 million apps and billions of web
items. The Lookout Security Cloud has identified 462 million phishing
and malicious sites since 2019. In addition, it leverages AI to analyze
data and identify malware, phishing attacks, and other sophisticated
network-based threats.
Lookout data for Q2 2024 also reveals:
-
A substantial uptick of 40.4% in mobile phishing attempts and malicious web attacks targeting enterprise organizations.
-
More than 80,000 malicious apps were detected on enterprise mobile
devices. Mobile app threats can vary widely, from invasive permissions
and riskware that pose significant compliance risks to sophisticated
spyware capable of tracking devices, stealing data, eavesdropping on
conversations and accessing the user's camera and microphone.
-
In Q2, Lookout protected customers against 47 new mobile malware
families, and customers were given enhanced protection against 101 known
mobile malware families.
-
Top device misconfigurations include out-of-date OS, out-of-date Android
Security Patch Levels (ASPL), no device lock and non-app store signer.
-
The most critical families of mobile malware continued to lean heavily towards Android surveillanceware.
-
The top ten most common mobile app vulnerabilities encountered by
Lookout users in Q2 2024 were in components of mobile browsers. Since
all mobile devices have a browser, attackers target these
vulnerabilities, in particular, hoping users haven't updated to patched
versions.
MDM and MTD Serve Different Purposes
Lookout data also shows that employees are just as likely to face
phishing attacks whether or not their organization manages their mobile
devices with MDM. Mobile phishing is a widespread threat that can target
any app with messaging capabilities. This includes not only email, SMS,
iMessage, WhatsApp, and Telegram but also social media platforms like
Instagram, TikTok, LinkedIn, mobile games and even dating apps.
MDM focuses on managing and controlling mobile devices within an
organization, enforcing policies, and ensuring device compliance. On the
other hand, Mobile Threat Defense (MTD) is specifically designed to
detect and protect against mobile cybersecurity threats, providing
real-time threat detection, remediation, and blocking capabilities.
While MDM manages devices, MTD focuses on securing them from potential
threats.
"Attackers have proven over and over again that targeting employees
through mobile-based phishing attacks, such as SMS phishing and voice
phishing, can be highly successful. To combat these threats, Lookout
recommends implementing a comprehensive defense strategy that safeguards
against multiple points of compromise, including mobile, cloud and data
protection," said David Richardson, Vice President of Endpoint and
Threat Intelligence, Lookout. "MDM solutions are essential for managing
enterprise environments and ensuring consistency across devices, but
they are not designed to provide security. It's important to view MDMs
as a complement to MTD solutions, which can effectively protect against
mobile phishing and other threats that MDMs cannot address."
Mobile Threat Defense Industry Leadership
Backed by a world-class mobile threat intelligence team, Lookout offers a
defense-in-depth approach to cybersecurity that is designed to protect
an organization's data against the Modern Kill Chain. With the largest database of threat telemetry, Lookout has a deep understanding of mobile and cloud threats.
Lookout Mobile Endpoint Security
is the industry's most advanced MTD solution to deliver mobile endpoint
detection and response (Mobile EDR). Lookout provides visibility into
mobile threats and state-sponsored spyware, while also protecting
against mobile phishing and credential theft that can lead to
unauthorized access to sensitive corporate data. Lookout is FedRAMP JAB
P-ATO Authorized and available through CDM DEFEND, trusted by enterprise
and government customers to protect sensitive data, enabling the
workforce to connect freely and safely from any device.
Lookout Threat Lab: Empowering Security Teams with Mobile Threat Intelligence
Lookout collects and analyzes proprietary data points to provide
customer security teams with comprehensive protection capabilities
against mobile cyber attacks. Its advanced threat intelligence and AI
machine learning technology ensure that mobile devices are safeguarded
from the latest threats.