Lookout Threat Research Highlights Growing Mobile Security Risks
May 22 2024 - 10:00AM
Business Wire
Mobile Threat Landscape Report Finds Malicious
Links Targeting Mobile Devices Tripled Year Over Year
Lookout, Inc., the data-centric cloud security company, today
released the Lookout Mobile Threat Landscape Report for Q1 2024.
According to Lookout data, in the first quarter of 2024, the number
of phishing, malicious, denylisted and offensive links delivered to
Lookout customers’ mobile devices tripled compared to Q1 2023.
Lookout also saw a massive jump in social engineering and phishing
attempts and attacks targeting multi-factor authentication (MFA)
solutions.
The Lookout Mobile Threat Landscape Report is based on data
derived from the Lookout Security Cloud’s ever-growing AI-driven
mobile dataset that analyzes data from more than 220 million
devices, 325 million apps and billions of web items.
Lookout data for Q1 2024 also shows:
- As of today, more than 20% of iOS users are still using
outdated versions, leaving their devices and data vulnerable to
exploits. Lookout mobile security experts recommend immediately
updating to the latest version to protect against lingering
vulnerabilities.
- Top device misconfigurations include out-of-date OS (37.7%), no
device lock (14.2%), out-of-date Android Security Patch Levels
(ASPL) (13.6%) and non-app store signer (2.2%).
- The most critical families of mobile malware weighed heavily
towards mobile (Android) surveillanceware.
- The top ten most common mobile app vulnerabilities encountered
by Lookout users in Q1 2024 were all in components of mobile
browsers. Attackers exploit these vulnerabilities using maliciously
crafted web pages delivered via links. Since most mobile devices
run Chrome, Firefox, Safari, or Edge, attackers target these
browsers, hoping users haven't updated to patched versions.
In April 2024, Lookout conducted a survey among 250 U.S.-based
CISOs and cybersecurity leaders that underscores the growing need
for Mobile Threat Defense. An overwhelming 97% of respondents
believe that malicious mobile apps or extensive mobile app
permissions – such as access to contacts, SMS, camera and
microphone – pose a threat to their organization and could result
in the leakage of sensitive data. Within the last six months, 75%
of organizations experienced mobile phishing attempts targeting
their employees.
As seen with Scattered Spider attacks against enterprises,
employee accounts were compromised within minutes of the attack's
initiation, followed by immediate internal social engineering via
platforms including Slack, email and Microsoft Teams. Sensitive
data was stolen within the first five minutes of the attack. The
Modern Kill Chain, as defined by Lookout, emphasizes that it is
crucial to respond to an attack immediately.
“Reflecting on the first quarter of 2024, this report
encapsulates our discoveries, affirming that mobile threats have
shifted from the sidelines to the forefront of contemporary
cybersecurity strategies,” said David Richardson, Vice President of
Endpoint and Threat Intelligence, Lookout. “Organizations must be
equipped to respond swiftly to meet the rapid nature of today's
threats. In navigating this landscape, Lookout is unrivaled in
understanding the nuances of mobile security and how mobile attacks
lead to organizations being compromised.”
Mobile Threat Defense Industry Leadership
Backed by a world-class mobile threat intelligence team, Lookout
offers a defense-in-depth approach to cybersecurity that is
designed to protect an organization’s data against the Modern Kill
Chain. With the largest database of threat telemetry, Lookout has a
deep understanding of mobile and cloud threats.
The Lookout Security Cloud has identified 450,000,000 phishing
and malicious sites since 2019. In Q1 2024, the total number of
sites blocked by Lookout’s Mobile Threat Defense solution, Lookout
Mobile Endpoint Security, surged by 273% compared to Q1 2023. There
was an increase of 290% in the blocking of denylisted and offensive
content, alongside a substantial uptick of 97.8% in preventing
enterprise phishing attempts and malicious web attacks.
Lookout Mobile Endpoint Security is the industry’s most advanced
Mobile Threat Defense solution to deliver mobile endpoint detection
and response (Mobile EDR). Lookout provides visibility into mobile
threats and state-sponsored spyware, while also protecting against
mobile phishing and credential theft that can lead to unauthorized
access to sensitive corporate data. Lookout is FedRAMP JAB P-ATO
Authorized and available through CDM DEFEND, trusted by enterprise
and government customers to protect sensitive data, enabling the
workforce to connect freely and safely from any device.
Lookout Threat Lab: Empowering Security Teams with Mobile
Threat Intelligence
Lookout collects and analyzes proprietary data points to provide
customer security teams with comprehensive protection capabilities
against mobile cyber attacks. Its advanced threat intelligence and
AI machine learning technology ensure that mobile devices are
safeguarded from the latest threats.
Additional Resources:
- Learn more about the Lookout Threat Lab and Lookout Mobile
Endpoint Security.
- To take an interactive walk through how Lookout Premium
customers can conduct proactive research on mobile malware in the
Lookout console, view this demo video.
- Listen and subscribe to Security Soapbox, the Lookout podcast
covering privacy, security, and everything in between.
About Lookout
Lookout, Inc. is the data-centric cloud security company that
uses a defense-in-depth strategy to address the different stages of
a modern cybersecurity attack, which now starts with mobile. Data
is at the core of every organization, and our approach to
cybersecurity is designed to protect that data within today’s
evolving threat landscape no matter where or how it moves. People —
and human behavior — are central to the challenge of protecting
data, which is why organizations need total visibility into threats
in real time, starting with the mobile endpoint. The Lookout Cloud
Security Platform is purpose-built to stop modern breaches as
swiftly as they unfold, from the first mobile phishing text to the
final cloud data extraction. We are trusted by enterprises and
government agencies of all sizes to protect the sensitive data they
care about most, enabling them to work and connect freely and
securely. To learn more, visit www.lookout.com and follow Lookout
on our blog, LinkedIn and X.
© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®,
LOOKOUT with Shield Design® and the Lookout
multi-color/multi-shaded Wingspan Design® are registered trademarks
of Lookout, Inc. in the United States and other countries. DAY OF
SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are
registered trademarks of Lookout, Inc. in the United States.
Lookout, Inc. maintains common law trademark rights in EVERYTHING
IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield
Design.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240522782761/en/
Lookout PR: press@lookout.com