Zimperium's Mobile Security Blog

What exactly is a mobile ______ attack?

What exactly is a mobile __________ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing traditional endpoints, very little has been invested to protect mobile device endpoints. Attackers work on the same model as any other business: where do they get the greatest return on their investment of time and resources.

As a result, mobile devices have become a favorite attack target and that trend is not likely to decrease any time soon. As the worldwide leader in mobile threat defense (MTD), protecting millions of enterprise mobile endpoints around the world, Zimperium is in a unique leadership position to deliver insight into how mobile endpoints are being targeted through device, network, app and phishing tactics.

Please join JT Keating, Vice President of Product Strategy, for free, 30-minute webinars where we will introduce you to the four mobile attack vectors, explain the damage each can cause and review how to protect your enterprise. 

What exactly is a mobile device attack? 

Many conditions increase the threat exposure of mobile endpoints – the majority of which stem from the fact that users are the admins on these devices. Users are the ones that choose whether or not to update the OS away from known vulnerable OS versions, to have a PIN code set, to jailbreak their device, etc. 

Here are some insights of the major device threats analyzed by Zimperium in 1H19, as part of our State of Enterprise Mobile Security Report

  • 27% of enterprise mobile endpoints were exposed to device threats. 
  • Mobile OS vendors created patches for 440 security vulnerabilities (a 30% increase over 1H2018), the majority of which were critical.
    • In the 1H19, Apple patched 185 CVEs (Common Vulnerabilities and Exposures) compared to 120 during the same timeframe last year, or an increase of 54%. Over 60% of the 1H19 iOS CVEs were considered “critical” security threats.
    • In the 1H19, Google patched 255 CVEs compared to 492 during the same timeframe last year, or a drop of 48%. 20% of the 1H19 Android CVEs were considered “critical” and another 79% were considered “high” security threats.

In our free webinar on August 21st, we explained:

  • What device attacks are;
  • How device attacks can hurt your organization; and 
  • How you can protect your mobile endpoints from device attacks. 

What exactly is a mobile phishing attack?

According to the Verizon Data Breach Investigations Report, over 90% of all breaches begin with a phishing attack. Considering that almost two-thirds of emails are now read on mobile, mobile phishing is a real concern for enterprises. 

This is exacerbated by another factor: mobile endpoints are a primary place that users read their personal emails on systems not protected by enterprise mail gateways with phishing protections. In addition to credential loss, when a user simply accesses a phishing site on mobile, an exploit can be delivered that compromises the device.

In our free webinar on August 28th, we explained:

  • What mobile phishing is;
  • How mobile phishing can hurt your organization; and
  • How you can protect your mobile endpoints from phishing attacks.

What exactly is a mobile network attack? 

Risky networks and network activities can enable data loss and are often precursors to actual network attacks. Enterprise network threats are completely user-driven since they are the ones deciding which networks to access. 

Here are some insights of the major network threats analyzed by Zimperium so far in 2019 as part of our State of Enterprise Mobile Security Report

  • 32% of enterprise mobile endpoints encountered risky networks. 
  • 61% of network threats were unsecured and unencrypted WiFi networks. 
  • 93% of network attacks (and 86% of all attacks) were man-in-the-middle (MITM) variations wherein attackers hijack traffic to steal credentials/data or deliver exploits to compromise the device.

In our free webinar on September 4th, we explained:

  • What network attacks are;
  • How network attacks hurts your organization; and
  • How you can protect your mobile endpoints from network attacks. 

What exactly is a mobile app attack? 

Organizations are aware of malicious mobile app attacks, but few understand the threats that come from sideloaded apps or legitimate apps that have hidden security and privacy threats. With users being the admins of mobile endpoints, enterprises need a way to assess the threats of the installed mobile apps and create policies around their acceptable usage/existence. Here are some insights of the major app threats analyzed by Zimperium so far in 2019 as part of our State of Enterprise Mobile Security Report

  • 5% of enterprise mobile endpoints had sideloaded apps from sources outside the authorized and vetted Apple App Store or Google Play Store. 36% of the Android devices had sideloaded apps versus only 2% of iOS ones. 
  • 70% of iOS apps had advertising capabilities and iOS Bluetooth beacon usage exploded to 69% of apps (from 38% at the beginning of 2019), both of which can lead to data leakage and other exploit opportunities. 
  • 24% of iOS apps passed sensitive information over the web unencrypted. 
  • Malicious apps were 45% of all attacks on Android versus less than 1% of ones detected on iOS.

In our free webinar on September 11th, we explained:

  • What app attacks are;
  • How app attacks can hurt your organization; and
  • How you can protect your mobile endpoints from app attacks.