Boston-based cloud security firm Lookout has released its 2024 Q3 Mobile Threat Landscape Report, revealing that iOS devices face greater exposure to phishing and web content threats compared to Android. Covering the period from July to September 2024, the report highlights the evolving nature of mobile threats as cybercriminals increasingly target mobile devices at the initial stages of their attacks. Researchers at the Lookout Threat Lab noted a 17% increase in enterprise-focused credential theft and phishing attempts over the previous quarter and a 32% surge in malicious app detections.
One of the most concerning findings from the study is that 19% of enterprise iOS devices experienced at least one mobile phishing attack during each of the first three quarters of 2024, while only 10.9% of Android enterprise devices were exposed to similar threats. This trend challenges the perception that Apple’s devices offer superior security. According to Lookout, mobile phishing has become the primary threat vector for enterprises, with attackers using increasingly sophisticated techniques to deceive users and steal sensitive data.
In addition to phishing threats, Lookout disclosed the discovery of two mobile surveillanceware families that are being operated by advanced persistent threat (APT) groups based in China and Russia. These surveillance tools are capable of extracting sensitive information, monitoring communications, and conducting long-term espionage on targeted individuals and organizations. The company warns that such tools pose a significant risk to enterprises and high-profile individuals, especially in industries like government, finance, and defense.
Phishing and Malicious Web Content:
Globally, mobile phishing and malicious web content have become synonymous with business email compromise (BEC), MFA bypass attacks, executive impersonation, and vulnerability exploitation. These attacks are typically low cost and high reward, and for that reason have become the preferred initial step in the modern kill chain.
The most recent evolution in this threat vector is the use of executive impersonation attacks, which leverage an individual’s seniority and a lower-level employee’s innate desire to be helpful together to drive higher success rates. By creating a highly urgent situation and relying on lack of familiarity between the executive and the employee, attackers convince employees to share sensitive data, visit phishing pages, or send them money.
The report emphasizes the importance of proactive mobile security measures as organizations increasingly rely on mobile devices for daily operations. With the rise of remote work and mobile-first business models, cybercriminals are exploiting mobile vulnerabilities to launch targeted attacks. Experts at Lookout urge enterprises to prioritize mobile threat defense strategies to safeguard their workforce and critical data.
The findings in Lookout’s report serve as a wake-up call for businesses to address mobile security risks. Companies that fail to implement comprehensive mobile security measures risk financial loss, data breaches, and reputational damage. As mobile threats continue to grow, securing mobile endpoints is no longer optional but an essential part of a modern cybersecurity strategy.
