www.helpnetsecurity.com
Open in
urlscan Pro
54.71.215.219
Public Scan
URL:
https://www.helpnetsecurity.com/2024/12/26/mobile-devices-attacks/
Submission: On December 27 via api from TR — Scanned from US
Submission: On December 27 via api from TR — Scanned from US
Form analysis 1 forms found in the DOM
POST
<form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-244483 mc4wp-ajax" method="post" data-id="244483" data-name="Footer newsletter form">
<div class="mc4wp-form-fields">
<div class="hns-newsletter">
<div class="hns-newsletter__top">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__title">
<i>
<svg class="hic">
<use xlink:href="#hic-plus"></use>
</svg>
</i>
<span>Cybersecurity news</span>
</div>
</div>
</div>
</div>
<div class="hns-newsletter__bottom">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__body">
<div class="row">
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="520ac2f639" id="mcs1">
<label class="form-check-label text-nowrap" for="mcs1">Daily Newsletter</label>
</div>
</div>
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="d2d471aafa" id="mcs2">
<label class="form-check-label text-nowrap" for="mcs2">Weekly Newsletter</label>
</div>
</div>
</div>
</div>
<div class="form-check form-control-lg mb-3">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="28abe5d9ef" id="mcs3">
<label class="form-check-label" for="mcs3">(IN)SECURE - editor's choice selection of topics (twice per month)</label>
</div>
<div class="input-group mb-3">
<input type="email" name="email" id="email" class="form-control border-dark" placeholder="Please enter your e-mail address" aria-label="Please enter your e-mail address" aria-describedby="hns-newsletter-submit-btn" required="">
<button class="btn btn-dark rounded-0" type="submit" id="hns-newsletter-submit-btn">Subscribe</button>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="AGREE_TO_TERMS" value="1" id="mcs4" required="">
<label class="form-check-label" for="mcs4">
<span>I have read and agree to the <a href="https://www.helpnetsecurity.com/newsletter/" target="_blank" rel="noopener" class="d-inline-block">terms & conditions</a>
</span>
</label>
</div>
</div>
</div>
</div>
</div>
</div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off"></label><input type="hidden" name="_mc4wp_timestamp"
value="1735271701"><input type="hidden" name="_mc4wp_form_id" value="244483"><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1">
<div class="mc4wp-response"></div>
</form>Text Content
* News * Features * Expert analysis * Videos * Events * Whitepapers * Industry news * Product showcase * Newsletters * * * Please turn on your JavaScript for this page to function normally. Help Net Security December 26, 2024 Share IOS DEVICES MORE EXPOSED TO PHISHING THAN ANDROID The mobile threat landscape continues to grow at an alarming rate as cybercrime groups shift their tactics and target mobile devices in the early stages of their attacks, according to a recent Lookout report. The report highlights insights behind a 17% increase QoQ (quarter on quarter) in enterprise-focused credential theft and phishing attempts, 32% increase QoQ in malicious app detections and a trend showing iOS devices are more exposed to phishing attacks than Android devices. NEW MOBILE SURVEILLANCE TOOLS TIED TO CHINESE AND RUSSIAN APTS In a series of multiple novel threat discoveries, researchers have disclosed a number of mobile surveillanceware are tools developed by advanced persistent threat (APT) groups based in China and Russia including Gamaredon and more. More than 106,000 malicious apps were detected on enterprise mobile devices, which can vary widely from trojan malware to sophisticated spyware. Globally, mobile phishing and malicious web content have become synonymous with business email compromise (BEC), MFA bypass attacks, executive impersonation, and vulnerability exploitation. These attacks are typically low cost and high reward, and for that reason have become the preferred initial step in the modern kill chain. The most recent evolution in this threat vector is the use of executive impersonation attacks, which leverage an individual’s seniority and a lower-level employee’s innate desire to be helpful together to drive higher success rates. By creating a highly urgent situation and relying on lack of familiarity between the executive and the employee, attackers convince employees to share sensitive data, visit phishing pages, or send them money. iOS is more popular for enterprises than Android, therefore Lookout observed iOS targeted by threat actors more often (18.4%) in phishing attacks than Android (11.4%) in Q3 2024. Top device misconfigurations include out-of-date OS, out-of-date Android Security Patch Levels (ASPL), no device lock and no encryption. ATTACKERS TARGET MOBILE DEVICES TO BREACH ENTERPRISE CLOUD SYSTEMS The most critical families of mobile malware continued to lean heavily towards Android surveillanceware. The top ten most common mobile browser vulnerabilities encountered by Lookout users affect Chromium-based browsers. Attackers target these vulnerabilities in particular in hopes users haven’t updated to patched versions. Outside of browser vulnerabilities, the five most common mobile app vulnerabilities were in social media, messaging and authentication apps and app stores. With the commoditization of advanced malware, evolution of nation-state mobile malware capabilities, and a heavy reliance on mobile-focused social engineering, organizations today must have advanced mobile threat defense as part of their security strategy. Threat actors are increasingly targeting mobile devices to steal credentials and infiltrate the enterprise cloud in a pathway known as the modern kill chain. “As cyber threats evolve, we’re seeing more and more attacks targeting mobile devices as the gateway to corporate cloud apps that house sensitive data. This trend underscores the urgent need for advanced MTD solutions that not only protect devices but also safeguard the sensitive data and systems they connect to,” said David Richardson, VP of Endpoint, Lookout. The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud’s AI-driven mobile dataset of more than 220 million devices, 360 million apps and billions of web items. More about * Android * cybercrime * cybersecurity * iOS * Lookout * mobile security * phishing * report * survey Share FEATURED NEWS * 2025 is going to be a bumpy year for IoT * How CISOs can make smarter risk decisions * US charges suspected LockBit ransomware developer How to leverage the 2024 MITRE ATT&CK Evaluation results RESOURCES * Download: The Ultimate Guide to the CCSP * Whitepaper: 9 traits of effective cybersecurity leaders of tomorrow * Download: The Ultimate Guide to the CISSP * Whitepaper: Securing GenAI * Report: Voice of Practitioners 2024 – The True State of Secrets Security DON'T MISS * 2025 is going to be a bumpy year for IoT * How CISOs can make smarter risk decisions * Evilginx: Open-source man-in-the-middle attack framework * Maximizing the impact of cybercrime intelligence on business resilience * How companies can fight ransomware impersonations Cybersecurity news Daily Newsletter Weekly Newsletter (IN)SECURE - editor's choice selection of topics (twice per month) Subscribe I have read and agree to the terms & conditions Leave this field empty if you're human: © Copyright 1998-2024 by Help Net Security Read our privacy policy | About us | Advertise Follow us ×