More than two million mobile malware samples were detected in the wild last year, with threats impacting over 10 million devices globally, according to new data from Zimperium.
The mobile security vendor compiled its 2022 Global Mobile Threat Report based on insight collected from its security research team and a survey of global tech leaders.
It claimed that over two-fifths (42%) of organizations had witnessed a security incident stemming from unpatched mobile apps or devices, while more than a fifth (23%) encountered malicious apps.
Nearly a third (30%) of zero-day vulnerabilities in 2021 targeted mobile devices, and there was a 466% year-on-year increase in exploited zero-day vulnerabilities used in active attacks against mobiles, the study claimed.
Interestingly, despite its reputation as a more secure ecosystem, vulnerabilities in iOS accounted for 64% of mobile-specific zero-day attacks.
Many of these threats start with a phishing lure: three-quarters (75%) of the phishing sites analyzed by Zimperium specifically targeted mobile devices.
Cloud misconfiguration is also a significant cyber-related risk in the mobile sphere. Zimperium’s analysis of over 1.3 million Android and iOS apps revealed that 14% of those using public cloud backends had misconfigurations that exposed users’ personal information.
Part of the challenge for security leaders is managing the growing number of consumer devices being used for work and connecting to corporate assets. Two-thirds (66%) of smartphones and over half (55%) of tablets used in the enterprise last year were employee-owned, according to the study.
Before the pandemic, 60% of organizations had no BYOD policies in place.
Zimperium also found that mobile users in APAC are twice as likely to encounter malicious websites as the global average, while 30% of devices in Africa encountered malware last year.
“Smartphones play an increasingly integral role in our personal and professional lives. For work, it’s grown routine for us to use our phones to store passwords, do multi-factor authentication, access corporate files and applications, and more,” explained Zimperium product strategy director Richard Melick.
“Whether through device exploits, application misconfigurations, malware, or leaky databases, the mobile device has become a common target for malicious actors globally.”