Mobile malware targeted at the enterprise is becoming increasingly sophisticated, according to security firm Lookout Inc.’s latest mobile threats report. The paper, titled Enterprise Mobile Threats 2014: A Year In Review, warns that attackers stepped up their focus on application-delivered attacks over the last year, developing an armory of new, highly sophisticated malware programs designed to infiltrate secure corporate networks.

Not only are mobile threats becoming more dangerous, they’re becoming more prevalent and more costly to the enterprise too. Lookout reports the percentage of infected enterprise mobile devices in the U.S. rose by 75 percent in the last year, from 4 percent to 7 percent. Even worse, the damage inflicted by such attacks has never been higher, with the average data breach costing organizations $3.5 million to mitigate.

Lookout’s report identifies an especially nasty Trojan called NotCompatible.C as the most prevalent threat facing U.S and UK organizations. NotCompatible.C is a particularly devious virus that contains proxy functionality which could allow attackers to infiltrate even the most secure corporate networks. Moreover, the Trojan employs a number of self-defense mechanisms, which allow it to evade detection from most types of antivirus software.

“With peer-to-peer encrypted communications and a two-tiered server architecture, NotCompatible.C ranks amongst the most technically-sophisticated mobile security threats ever detected,” noted the paper.

Added to the dangers of increasingly sophisticated malware is that many businesses remain somewhat ignorant of the risks they face. Lookout undertook a number of mobile risk assessments at various U.S. organizations in 2014, and found that many “doubted the prevalence of mobile threats” and didn’t believe that ‘BYOD’ was a risky activity. Lookout cites a study of one unnamed U.S. federal agency in its report, where it discovered mobile threats on an astonishing 29 percent of the 488 mobile devices it sampled. Ten of these devices were found to be infected with NotCompatible.C malware.

In order to mitigate the risks of mobile threats, Lookout advises organizations to implement some kind of mobile security platform to monitor devices connecting to its network and to protect against any suspicious activity. “By detecting threats at the device level, organizations can block and prevent installation before an attacker can perform hostile activity,” the report notes. In addition, Lookout recommends employing a strategy of limiting devices to isolated network segments, while continuing to educate employees on mobile security best practices.

photo credit: 18percentgrey via photopin cc