Zimperium Global Mobile Threat Report reveals 187% year-on-year increase in compromised devices

The Zimperium Global Mobile Threat Report 2023 has revealed a significant increase in sophisticated attacks against mobile devices, highlighting the growing risks posed to mobile-powered businesses.

Zimperium Global Mobile Threat Report: trends

The Zimperium Global Mobile Threat Report 2023 reveals a continued growth toward mobile-powered business along with the increasingly sophisticated security risks facing it, including spyware, phishing, and ransomware.

The report examines the most important trends that shaped the mobile security landscape over the last year and draws on the research from Zimperium’s zLabs researchers, as well as third-party industry data, partner insights, and observations from leading industry influencers.

Zimperium Global Mobile Threat Report: data

Key among the Zimperium Global Mobile Threat Report 2023 findings is that 43% of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187% year-over-year.

“The explosive growth in mobile device and app usage has created an ever-growing attack surface,” said Shridhar Mittal, CEO of Zimperium.

Mittal explained: “Mobile devices are integral to the way we work, communicate, navigate, bank, and stay informed – creating new opportunities for malware. Last year’s Global Mobile Threat Report revealed that 60% of the endpoints accessing enterprise assets were mobile devices, and this does not seem to be slowing down.

Mittal concluded: “Mobile-powered businesses must increase mobile security measures to protect the personal data security of employees and the sensitive information belonging to the organization.”

Key Findings

• Phishing attacks against mobile devices are growing. 80% of phishing sites target mobile devices specifically or are designed to function both on desktop and mobile. Meanwhile, the average user is six to ten times more likely to fall for SMS phishing attacks than email-based attacks.
• During 2022, Zimperium detected an average of four malicious/phishing links clicked for every device covered with its anti-phishing technology.
• EMEA and North America have the highest percentage of devices being impacted by spyware, with EMEA at 35% and North America at 25%.
• Both Apple and Android saw increasing instances of detected vulnerabilities. There was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild.
• Malware is continuing to proliferate rapidly. Between 2021 and 2022, the total number of unique mobile malware samples rose 51%, with more than 920,000 samples detected, including Dirty RatMilad, MoneyMonger and Dark Herring. Zimperium  protected its customers from 2,000 samples each week that were not yet identified by the industry in general (“zero-day” malware).
• In 2021, Zimperium detected malware on 1 out of 50 Android devices. It increased significantly in 2022 to 1 out of every 20 devices.
• Improper cloud storage configurations in mobile apps are a leading attack surface. Our analysis concluded that ±2% of all iOS and ±10% of all Android mobile apps accessed insecure cloud instances.

Mobile -powered opportunities

“There is a fundamental issue that today’s modern organisations must contend with–how can they capitalise on the opportunities of being mobile-powered without being exposed to evolving risks,” said Jon Paterson, CTO of Zimperium.

He added: “To thrive, it is critical that they employ a mobile-first security strategy–one where they continually prioritize and assess risk as close to the user and device as possible, and baseline and continuously assess vulnerability posture to operate in a known state with complete visibility.

“They must take responsive action on risk detection: leverage zero trust and conditional access workflows, leverage XDR and autonomous, 3rd party integrations and ensure they assess and stay updated on global privacy regulations and the risks that affect apps they develop and use.”

“We hear it from our customers all the time: unmanaged BYOD devices expand the attack surface, introduce critical cybersecurity vulnerabilities, and are a necessity in the work-from-anywhere economy,” said RSA Chief Product Officer Jim Taylor, who detailed how these trends led to the development of RSA^® Mobile Lock in Zimperium’s report.

“The Global Mobile Threat Report reveals why mobile security is becoming an urgent need for organizations, and why security-first leaders rely on Zimperium and RSA to help them address this emerging threat.”

“It is clear that mobile threats are becoming more frequent and dangerous, as bad actors increasingly target smartphones as high-value targets,” said Phil Hochmuth, programme VP, Enterprise Mobility at IDC. “This should be a wakeup call for enterprises to increase focus and investment in mobile security tools and practices.”