A new report from mobile security platform provider Zimperium Inc. finds increasing vulnerabilities in the mobile landscape and an expanding attack surface created by the rapid adoption of mobile devices and apps.

The company’s Global Mobile Threat Report 2023 digs into the growing security challenges faced by mobile-powered businesses and the need for stronger mobile security measures. The report highlights several significant findings that indicate the increasing vulnerabilities in the mobile landscape.

Leading the list was the finding that 43% of compromised devices are now fully exploited, up 187% from the previous year. Phishing attacks targeting mobile devices are also said to be a growing concern, with 80% of phishing sites now designed explicitly for mobile or compatible with both mobile and desktop platforms. Interestingly, the report found that the average user is six to 10 times more likely to fall victim to SMS phishing attacks than email-based attacks.

The report also reveals that Europe, the Middle East and Africa experienced the highest percentage of devices impacted by spyware, at 35% and 25% each. Android devices saw an increase in detected vulnerabilities, up 138% year-over-year, while Apple Inc. devices accounted for a surprising 80% of all zero-day vulnerabilities actively exploited in the wild.

The proliferation of mobile malware was also identified as an area of concern, with the number of unique mobile malware samples surging by 51% between 2021 and 2022 to more than 920,000. Improper cloud storage configurations in mobile apps were also noted to serve as a prominent attack surface, with 14% of mobile apps using cloud storage having unsecured configurations, rendering them vulnerable to exploitation.

“The explosive growth in mobile device and app usage has created an ever-growing attack surface,” Shridhar Mittal, chief executive officer of Zimperium, said ahead of the report’s release. “Mobile-powered businesses must increase mobile security measures to protect the personal data security of employees and the sensitive information belonging to the organization.”

Mika Aalto, co-founder and chief executive of enterprise security awareness solutions provider Hoxhunt Oy, told SiliconANGLE that one of the most effective strategies for preventing mobile phishing attacks is to make phishing behavior change the strategic center of the security stack.

Doing so “means integrating human threat intelligence with your protect-detect-respond capabilities,” he explained. “A good human risk management platform will help chief information security officers train the workforce as individuals at scale until they instinctively recognize and report phishing attacks.”

The ideal outcome of a phishing attack is a threat report, Aalto added. “It removes the danger from the system and alerts the security team to the threat,” he said. “As more threat reports swell the threat feed, make sure you have the security operations center resources and the automation to orchestrate the threat feed data so you can focus on what matters.”

Image: Bing Image Creator