Last year, 97% of enterprises globally faced mobile threats that used multiple attack vectors, according to a recent report by Tel Aviv based cybersecurity company Check Point Software.
The 2021 Mobile Security report, which predicts trends in malware, device vulnerabilities and in-nation state cyber-attacks also said that about 46% of all organisations had at least one employee who downloaded a malicious mobile application.
The numbers are even more alarming given that 60% of workforces are forecast to be mobile by 2024, and mobile security will be a crucial priority for all enterprises.
“Cybercriminals are continuing to evolve and adapt their techniques to exploit our growing reliance on mobiles. Enterprises need to adopt mobile security solutions which seamlessly protect devices,” said Neatsun Ziv, vice president, Threat Prevention at Check Point Software.
The research collated data from over 1,800 organizations between January and December 2020, mainly from mobile devices which had installed CheckPoint’s Harmony Mobile cybersecurity application.
The research also pulled in 12 months of data from CheckPoint’s network, ThreatCloud intelligence, which gives threat data and attack trends from a global network of threat sensors. The research showed that about 93% of all attacks originated in a device network and attempted to trick users to install a malicious payload and steal user credentials.
Additionally, Checkpoint said that four out of 10 mobile phones globally are vulnerable due to flaws in their chipsets and will require urgent patching.
2020 also witnessed a 15% increase in Trojan attacks in the banking sector, mainly through tools such as Mobile Remote Access Trojans (MRATs) and premium dialers. Their biggest disguise is to claim that they offer COVID-19 related information.
Advanced persistent threat (APT) groups also view mobile devices as attractive targets, according to the report. An example of a recent APT was Iran’s hacker group Rampant Kitten, which has conducted elaborate and sophisticated targeted attacks to spy and steal sensitive data of users.