Zimperium published a report unveiling new data and comprehensive analysis of the state of mobile security worldwide.
In 2021, the Zimperium zLabs team discovered threats impacting 10 million mobile devices in at least 214 countries. Mobile malware was the most prevalent threat, encountered by nearly 1 in 4 mobile endpoints within the global customer base. Throughout the year, the team detected 2,034,217 new mobile malware samples in the wild, equating to an average of nearly 36,000 new strains of malware a week and over 5,000 a day.
“In two short years, our work environment became way more complex and sophisticated than it was at the beginning of 2020. Distributed and hybrid workforces, ever-connected devices, high speed 5G connectivity, and increased critical data access from remote locations have spread enterprises worldwide,” said Shridhar Mittal, Zimperium’s CEO.
“This level of mobile connectivity will remain the expectation for workers, customers, and enterprises for decades to come, but today’s cybersecurity was not built to support these environments – and attackers know it. Organizations need to come to terms with how to effectively secure this new reality, and this research will provide critical visibility and insights to help get there.”
According to Google, exploited zero-day vulnerabilities used in active attacks against mobile endpoints skyrocketed in 2021 by 466% year over year. In addition, new data from Zimperium demonstrates the growing threat posed by different mobile attack vectors, such as phishing. From 2019 to 2021, Zimperium analyzed more than 500,000 phishing sites and found that the number of mobile-specific phishing websites grew by 50%. Further, over the course of 2021, 75% of the phishing sites Zimperium analyzed specifically targeted mobile devices.
Over the past two years, attackers have also exhibited an increasing sophistication in their methods for executing phishing attacks. For example, the percentage of phishing sites using HTTPS has grown steadily, from less than 40% in 2019 to nearly 60% in 2021, making it increasingly difficult for users to distinguish these sites from those that are legitimate.
While the report provides an extensive, worldwide snapshot of the current state of mobile threats, it also dissects the data to show differences in regional environments. This shows how savvy attackers adapt the tactics they use based on the mobile environment and perceived vulnerabilities in different regions.
The data, inclusive of all threats and risks detected and prevented among enterprise clients, exposes the pervasiveness of different tactics from around the globe, giving organizations valuable insight into regional landscapes.
Overall, the data in the report shows the diversity in risks, threats, and attacks targeting mobile endpoints on a global scale. Mobile malware continues to dominate the threat landscape, acting as the most efficient and effective method to attack, compromise, and steal from mobile endpoints. Network-based attacks are also incredibly effective and prominent, taking advantage of the mobile phone’s big differentiator – the ability to always be connected.
With the rise in remote and distributed workers and customers, enterprises need to prepare and secure against an ever-changing landscape of threats based on where their employees, apps, and data are in the world. The modern attack surface has grown, and threats to enterprises continue to be prevalent and effective against unsecured devices.Daily Newsletter- E-mail sent every business day with a recap of the last 24 hoursWeekly Newsletter- E-mail sent every Monday with a recap of the last 7 days(IN)SECURE Magazine- E-mail sent when a new issue is released
I have read and agree to the terms & conditions