New Lookout Threat Research Proves Mobile Security Should Be Central to Modern Data Protection Strategies
September 10 2024 - 6:00AM
Business Wire
AI-Driven Threat Detections Indicate Attackers
Target Mobile Devices to Compromise Enterprise Credentials;
Malicious Links to Mobile Devices Increasing 70% Year Over Year
Lookout, Inc., the data-centric cloud security company, today
released the Lookout Mobile Threat Landscape Report for Q2 2024.
The report highlights insights behind a 70% YOY increase in mobile
phishing and malicious web content, dissects a new mobile
surveillanceware family and notes a significant increase in attacks
that enable root access to iOS devices. Lookout data also shows
that even if an organization manages employee devices with only a
Mobile Device Management (MDM) solution, those employees are just
as likely to encounter a phishing attack as organizations that
don’t use MDM.
The Lookout Mobile Threat Landscape Report is based on data
derived from the Lookout Security Cloud’s ever-growing AI-driven
mobile dataset of more than 220 million devices, 325 million apps
and billions of web items. The Lookout Security Cloud has
identified 462 million phishing and malicious sites since 2019. In
addition, it leverages AI to analyze data and identify malware,
phishing attacks, and other sophisticated network-based
threats.
Lookout data for Q2 2024 also reveals:
- A substantial uptick of 40.4% in mobile phishing attempts and
malicious web attacks targeting enterprise organizations.
- More than 80,000 malicious apps were detected on enterprise
mobile devices. Mobile app threats can vary widely, from invasive
permissions and riskware that pose significant compliance risks to
sophisticated spyware capable of tracking devices, stealing data,
eavesdropping on conversations and accessing the user’s camera and
microphone.
- In Q2, Lookout protected customers against 47 new mobile
malware families, and customers were given enhanced protection
against 101 known mobile malware families.
- Top device misconfigurations include out-of-date OS,
out-of-date Android Security Patch Levels (ASPL), no device lock
and non-app store signer.
- The most critical families of mobile malware continued to lean
heavily towards Android surveillanceware.
- The top ten most common mobile app vulnerabilities encountered
by Lookout users in Q2 2024 were in components of mobile browsers.
Since all mobile devices have a browser, attackers target these
vulnerabilities, in particular, hoping users haven't updated to
patched versions.
MDM and MTD Serve Different Purposes
Lookout data also shows that employees are just as likely to
face phishing attacks whether or not their organization manages
their mobile devices with MDM. Mobile phishing is a widespread
threat that can target any app with messaging capabilities. This
includes not only email, SMS, iMessage, WhatsApp, and Telegram but
also social media platforms like Instagram, TikTok, LinkedIn,
mobile games and even dating apps.
MDM focuses on managing and controlling mobile devices within an
organization, enforcing policies, and ensuring device compliance.
On the other hand, Mobile Threat Defense (MTD) is specifically
designed to detect and protect against mobile cybersecurity
threats, providing real-time threat detection, remediation, and
blocking capabilities. While MDM manages devices, MTD focuses on
securing them from potential threats.
“Attackers have proven over and over again that targeting
employees through mobile-based phishing attacks, such as SMS
phishing and voice phishing, can be highly successful. To combat
these threats, Lookout recommends implementing a comprehensive
defense strategy that safeguards against multiple points of
compromise, including mobile, cloud and data protection,” said
David Richardson, Vice President of Endpoint and Threat
Intelligence, Lookout. “MDM solutions are essential for managing
enterprise environments and ensuring consistency across devices,
but they are not designed to provide security. It's important to
view MDMs as a complement to MTD solutions, which can effectively
protect against mobile phishing and other threats that MDMs cannot
address.”
Mobile Threat Defense Industry Leadership
Backed by a world-class mobile threat intelligence team, Lookout
offers a defense-in-depth approach to cybersecurity that is
designed to protect an organization’s data against the Modern Kill
Chain. With the largest database of threat telemetry, Lookout has a
deep understanding of mobile and cloud threats.
Lookout Mobile Endpoint Security is the industry’s most advanced
MTD solution to deliver mobile endpoint detection and response
(Mobile EDR). Lookout provides visibility into mobile threats and
state-sponsored spyware, while also protecting against mobile
phishing and credential theft that can lead to unauthorized access
to sensitive corporate data. Lookout is FedRAMP JAB P-ATO
Authorized and available through CDM DEFEND, trusted by enterprise
and government customers to protect sensitive data, enabling the
workforce to connect freely and safely from any device.
Lookout Threat Lab: Empowering Security Teams with Mobile
Threat Intelligence
Lookout collects and analyzes proprietary data points to provide
customer security teams with comprehensive protection capabilities
against mobile cyber attacks. Its advanced threat intelligence and
AI machine learning technology ensure that mobile devices are
safeguarded from the latest threats.
Additional Resources:
- Click here for the Q2 Threat Landscape Report.
- Learn more about the Lookout Threat Lab and Lookout Mobile
Endpoint Security.
- To take an interactive walk through how Lookout Premium
customers can conduct proactive research on mobile malware in the
Lookout console, view this demo video.
- Listen and subscribe to Security Soapbox, the Lookout podcast
covering privacy, security, and everything in between.
About Lookout
Lookout, Inc. is the data-centric cloud security company that
uses a defense-in-depth strategy to address the different stages of
a modern cybersecurity attack, which now starts with mobile. Data
is at the core of every organization, and our approach to
cybersecurity is designed to protect that data within today’s
evolving threat landscape no matter where or how it moves. People —
and human behavior — are central to the challenge of protecting
data, which is why organizations need total visibility into threats
in real time, starting with the mobile endpoint. The Lookout Cloud
Security Platform is purpose-built to stop modern breaches as
swiftly as they unfold, from the first mobile phishing text to the
final cloud data extraction. We are trusted by enterprises and
government agencies of all sizes to protect the sensitive data they
care about most, enabling them to work and connect freely and
securely. To learn more, visit www.lookout.com and follow Lookout
on our blog, LinkedIn and X.
© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®,
LOOKOUT with Shield Design® and the Lookout
multi-color/multi-shaded Wingspan Design® are registered trademarks
of Lookout, Inc. in the United States and other countries. DAY OF
SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are
registered trademarks of Lookout, Inc. in the United States.
Lookout, Inc. maintains common law trademark rights in EVERYTHING
IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield
Design.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240910967476/en/
Contact Lookout PR: press@lookout.com