
    2021 mobile security: Android more vulnerabilities, iOS more zero-days

    Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what’s coming in 2022. 

    In general, the focus of malicious actors on mobile platforms has increased compared to previous years, mainly due to the push of the global workforce to remote working.

    This focus manifested in more significant malware distribution volumes, phishing and smishing attacks, and more efforts to discover and leverage zero-day exploits.

    Zero-day vulnerabilities are publicly disclosed or actively exploited bugs with no fixes available from the vendor or developers. As it is vital to fix zero-day bugs, vendors typically rush to release security updates once they are disclosed.

    However, according to Zimperium’s client stats and a survey conducted for the report, only about 42% of people working in BYOD (bring your own device) environments applied high-priority fixes within two days from their release.

    Roughly one-third required up to a week, while a significant 20% hadn’t patched their mobile devices before reaching the two-week mark.

    Threats by region

    In 2021, actors focused more on remote workforce or on-premise mobile devices, leading to increased malicious network scans and man-in-the-middle (MiTM) attacks. These attacks are aimed at stealing sensitive information that plays a crucial role in more significant attacks against corporate networks.

    The most prevalent threats for each region of the world in 2021 were the following:

    • Asia/Pacific – malicious websites, malware, MiTM
    • Africa – malware
    • Europe – malware, malicious local scans, MiTM
    • North America – malware, MiTM
    • South America – malware, malicious local scans

    Globally, mobile malware was a problem encountered in 23% of all endpoints protected by Zimperium in 2021, followed by MiTM (13%), malicious websites (12%), and scans (12%).

    2022 Outlook

    As the importance of mobile devices in life and work continues to grow and the number of smartphone users reaches new highs, threat actors are expected to keep up their efforts to attack users on the go.

    Even with semiconductor shortages causing supply problems for 2022, smartphone shipments are forecasted to be 1.43 billion. Unfortunately, many of these devices will be the weakest link in the security chain of large organizations, and hence they will be targeted by skilled hackers.

    Zimperium’s survey revealed that 84% of security professionals today had enabled Microsoft Office 365 on mobile, with 38% of them in the process of securing these deployments in a second phase.

    This stat perfectly reflects how many organizations sacrificed strict security controls to support productivity and business continuity during times of dramatic changes.

    Compared to previous years, both Google (Android) and Apple (iOS) have come a long way regarding security, and their mobile systems are robust enough to rule out easy exploits.

    Today, threat actors are forced to discover and chain multiple vulnerabilities to achieve meaningful goals, so these attacks are getting much harder to carry out.

    With thanks to the Cyber Defence Alliance and BleepingComputer. The full story and report are here: https://www.bleepingcomputer.com/news/security/2021-mobile-security-android-more-vulnerabilities-ios-more-zero-days/
