International. A recent Global Mobile Threat Report 2023 reveals continued growth towards mobile-driven businesses alongside the increasingly sophisticated security risks it faces, including spyware, phishing and ransomware, analyst Zimperium revealed.
Key among the findings is that 43% of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187% year-over-year.
"The explosive growth in the use of mobile apps and devices has created an ever-widening attack surface," said Shridhar Mittal, chief executive officer of Zimperium. "Mobile devices are integral to the way we work, communicate, browse, bank and stay informed, creating new opportunities for malware. Last year's Global Mobile Threat Report revealed that 60% of endpoints accessing enterprise assets were mobile devices, and this doesn't seem to be decreasing. Mobile-enabled businesses must increase mobile security measures to protect the security of employees' personal data and sensitive information belonging to the organization."
The mobile-based initiatives of today's businesses and government agencies are under attack. Zimperium's latest research highlights the sobering reality that the rise of mobile businesses is opening the door to vulnerability gaps that are being specifically targeted by cybercriminals and nation-states.
Key results
*Phishing attacks against mobile devices are growing. 80% of phishing sites specifically target mobile devices or are designed to work on both desktop and mobile. Meanwhile, the average user is six to ten times more likely to fall for SMS phishing attacks than email-based attacks.
*During 2022, Zimperium detected an average of four malware/phishing links clicked for each device covered with its anti-phishing technology.
EMEA and North America have the highest percentage of devices affected by spyware, with EMEA at 35% and North America at 25%.
*Both Apple and Android saw more and more instances of vulnerabilities detected. There was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of zero-day vulnerabilities that are being actively exploited in the wild.
*Malware continues to proliferate rapidly. Between 2021 and 2022, the total number of unique mobile malware samples increased by 51%, with more than 920,000 samples detected, including Dirty RatMilad, MoneyMonger and Dark Herring. Zimperium protected its customers from 2000 samples each week that had not yet been identified by the industry at large ("zero-day" malware).
*In 2021, Zimperium detected malware on 1 in 50 Android devices. It increased significantly in 2022 to 1 in 20 devices.
*Improper cloud storage configurations in mobile apps are one of the main attack surfaces. Our analysis found that ±2% of all iOS and ±10% of all Android mobile apps accessed insecure cloud instances.
