September 10, 2024

New Lookout Threat Research Proves Mobile Security Should Be Central to Modern Data Protection Strategies

AI-Driven Threat Detections Indicate Attackers Target Mobile Devices to Compromise Enterprise Credentials; Malicious Links to Mobile Devices Increasing 70% Year Over Year 

BOSTON, September 10, 2024 – Lookout, Inc., the data-centric cloud security company, today released the Lookout Mobile Threat Landscape Report for Q2 2024. The report highlights insights behind a 70% YOY increase in mobile phishing and malicious web content, dissects a new mobile surveillanceware family and notes a significant increase in attacks that enable root access to iOS devices. Lookout data also shows that even if an organization manages employee devices with only a Mobile Device Management (MDM) solution, those employees are just as likely to encounter a phishing attack as organizations that don’t use MDM.

The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud’s ever-growing AI-driven mobile dataset of more than 220 million devices, 325 million apps and billions of web items. The Lookout Security Cloud has identified 462 million phishing and malicious sites since 2019. In addition, it leverages AI to analyze data and identify malware, phishing attacks, and other sophisticated network-based threats.

Lookout data for Q2 2024 also reveals:

  • A substantial uptick of 40.4% in mobile phishing attempts and malicious web attacks targeting enterprise organizations.
  • More than 80,000 malicious apps were detected on enterprise mobile devices. Mobile app threats can vary widely, from invasive permissions and riskware that pose significant compliance risks to sophisticated spyware capable of tracking devices, stealing data, eavesdropping on conversations and accessing the user’s camera and microphone. 
  • In Q2, Lookout protected customers against 47 new mobile malware families, and customers were given enhanced protection against 101 known mobile malware families.
  • Top device misconfigurations include out-of-date OS, out-of-date Android Security Patch Levels (ASPL), no device lock and non-app store signer.
  • The most critical families of mobile malware continued to lean heavily towards Android surveillanceware. 
  • The top ten most common mobile app vulnerabilities encountered by Lookout users in Q2 2024 were in components of mobile browsers. Since all mobile devices have a browser, attackers target these vulnerabilities in particular, hoping users haven't updated to patched versions.

MDM and MTD Serve Different Purposes 

Lookout data also shows that employees are just as likely to face phishing attacks whether or not their organization manages their mobile devices with MDM. Mobile phishing is a widespread threat that can target any app with messaging capabilities. This includes not only email, SMS, iMessage, WhatsApp, and Telegram but also social media platforms like Instagram, TikTok, LinkedIn, mobile games and even dating apps. 

MDM focuses on managing and controlling mobile devices within an organization, enforcing policies, and ensuring device compliance. On the other hand, Mobile Threat Defense (MTD) is specifically designed to detect and protect against mobile cybersecurity threats, providing real-time threat detection, remediation, and blocking capabilities. While MDM manages devices, MTD focuses on securing them from potential threats.

“Attackers have proven over and over again that targeting employees through mobile-based phishing attacks, such as SMS phishing and voice phishing, can be highly successful. To combat these threats, Lookout recommends implementing a comprehensive defense strategy that safeguards against multiple points of compromise, including mobile, cloud and data protection,” said David Richardson, Vice President of Endpoint and Threat Intelligence, Lookout. “MDM solutions are essential for managing enterprise environments and ensuring consistency across devices, but they are not designed to provide security. It's important to view MDMs as a complement to MTD solutions, which can effectively protect against mobile phishing and other threats that MDMs cannot address.”

Mobile Threat Defense Industry Leadership

Backed by a world-class mobile threat intelligence team, Lookout offers a defense-in-depth approach to cybersecurity that is designed to protect an organization’s data against the Modern Kill Chain. With the largest database of threat telemetry, Lookout has a deep understanding of mobile and cloud threats. 

Lookout Mobile Endpoint Security is the industry’s most advanced MTD solution to deliver mobile endpoint detection and response (Mobile EDR). Lookout provides visibility into mobile threats and state-sponsored spyware, while also protecting against mobile phishing and credential theft that can lead to unauthorized access to sensitive corporate data. Lookout is FedRAMP JAB P-ATO Authorized and available through CDM DEFEND, trusted by enterprise and government customers to protect sensitive data, enabling the workforce to connect freely and safely from any device.

Lookout Threat Lab: Empowering Security Teams with Mobile Threat Intelligence 

Lookout collects and analyzes proprietary data points to provide customer security teams with comprehensive protection capabilities against mobile cyber attacks. Its advanced threat intelligence and AI machine learning technology ensure that mobile devices are safeguarded from the latest threats. 

Additional Resources:

About Lookout

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack, which now starts with mobile. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves. People — and human behavior — are central to the challenge of protecting data, which is why organizations need total visibility into threats in real time, starting with the mobile endpoint. The Lookout Cloud Security Platform is purpose-built to stop modern breaches as swiftly as they unfold, from the first mobile phishing text to the final cloud data extraction. We are trusted by enterprises and government agencies of all sizes to protect the sensitive data they care about most, enabling them to work and connect freely and securely. To learn more, visit www.lookout.com and follow Lookout on our blog, LinkedIn and X.

Contact Lookout PR: press@lookout.com 

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.

Subscribe

Sign-up for the latest Lookout news and threat research

By subscribing you agree with our Privacy Policy
Follow on
Lookout