Mobile Threats Are On The Rise

Intrusion Team
Apr 20, 2023

Mobile devices are already a huge part of our lives and still our dependence on these devices continues to grow. By the end of 2022, 5.4 billion people worldwide were already subscribed to a mobile service. This was revealed by GSMA in The Mobile Economy 2023 report, which also projected that number to increase further to 6.4 billion in 2030.

It’s not really the increased usage of mobile devices per se that’s concerning. What’s more concerning is what employees do and what data they have access to when using these devices. According to Verizon’s annual Mobile Security Index report, 53% of mobile devices have access to more sensitive data than in the previous year. The same report says customer lists, employee personal data, banking details, and so on—basically the kind of data that were previously only accessible through office PCs—are now being accessed through mobile devices.

Attacks Targeting Mobile Devices are On The Rise

Increased usage of mobile devices for work-related activities can pose security risks to organizations since threat actors may view it as a path to an organization’s crown jewels. Users have long been considered the weakest link in cybersecurity. Since users are spending more time on their mobile devices, threat actors will naturally want to target them there. 

Indeed, results in Verizon’s Mobile Security Index report from 2018 to 2022 (except for an anomaly in 2021) show a steady increase in the percentage of respondents saying their company suffered a cyber incident involving a mobile device. These incidents resulted in data loss or downtime. In fact, in the 2022 report, 45% of companies surveyed are said to have suffered a mobile-related compromise. That number was only somewhere above 20% in 2018.

Changing Work Practices Increase Your Attack Surface

Risks associated with mobile device usage are now further aggravated by work practices like remote/hybrid work and Bring Your Own Device (BYOD), which tend to increase an organization’s attack surface. Whenever employees work remotely, they lose the level of protection provided by their corporate firewall. 

Since many of these workers use the same device regardless whether they’re working remotely or onsite, exploits (like say malware infections) they acquire outside are introduced into the company network when they report back to the office. 

Although the number of remote workers have gone down compared to pandemic levels, it’s still quite high. In Deloitte’s 2022 Connectivity and Mobile Trends report, 45% of respondents declared that one or more members of their household were still working from home at least some of the time. Furthermore, there are indications those numbers aren’t going back to pre-pandemic levels anymore. According to the same report, 75% of employed adults with remote work experience now prefer virtual or hybrid work options.

Get the new Shield Mobile app from Intrusion

Cyber Attacks are Less Perceptible To Mobile Users

Many organizations are now more aware of the risks of cyber threats and have taken steps to educate users on threat identification and handling—like contacting IT upon receiving a suspicious email. That’s certainly a good thing. Unfortunately, an ongoing cyber attack is relatively harder for users to identify on a mobile device than on a PC or a laptop. 

Let’s take phishing for example. Phishing attacks have been increasing every quarter since 2021. We speak in greater detail on the uptrend in Top 5 Endpoint Security Threats to Watch For in 2023

Traditionally associated with email, phishing attacks are now also being carried out through other communications channels available on mobile devices, like instant messaging and in-game chats. Although phishing attacks are usually covered in security awareness trainings, these attacks are generally more difficult to recognize on mobile devices due to a couple of factors. 

First is the substantially reduced screen size, which usually only shows a truncated version of the URL—one of the items users are trained to inspect when checking an email for signs of phishing. When a URL is truncated, you don’t know where it’s pointing to. Also, unlike in a desktop or laptop, you can’t hover your mouse pointer over a hyperlink to check the underlying URL. You’d have to tap on the link, an action which could potentially direct you to a malicious site and download malware. And yes, mobile malware do exist.

Mobile Malware Do Exist

Mobile malware isn’t a new threat. I’m pretty sure you’ve read news articles about malware infecting Android or iOS devices. But why aren’t people as concerned about malware infections on their mobile devices as they are with their PCs and laptops? I won’t be surprised if you have an antivirus installed on your PC or laptop, but not on your iPhone or Android phone. Why is that?

Well, for one, we’ve been accustomed to using our mobile devices for personal activities, like calling, texting, taking photos, posting on social media, and so on. None of these activities call for a level of security comparable to what we normally accord to work-related tasks. The problem is even though mobile devices are now used for both personal and work purposes, we still retain that old mindset. 

That shouldn’t be the case. Mobile malware can send unauthorized messages, display ads, or, in the case of mobile ransomware, lock up a device. They can also exfiltrate photos, messages, contacts, passwords, and, yes, company data. 

The mobile malware threat—as well as other mobile-targeted cyber threats—is about to get worse with increased adoption of 5G. 5G amplifies interconnectivity and connection speeds by several notches. This can shift malware capabilities into hyperdrive. 

Increased interconnectedness exposes mobile devices to more systems and devices (some of which might already be compromised or even malicious) than ever before. At the same time, higher connection speeds can increase the potency of malware attacks. With greater network speeds, malware can accomplish certain tasks—like propagating across the network, downloading payloads, or exfiltrating stolen data—much faster. 

Protect Your Mobile Devices from Cyber Threats with Intrusion Shield Mobile

After seeing the massive influx of mobile devices into the workplace and the emergence of new work practices, we built a consumer app that can be installed on your phone: Intrusion Shield Mobile.

The app relies on the same proven tech offered to businesses to protect mobile devices against common and advanced threats using Applied Threat Intelligence (ATI). Intrusion Shield Mobile is available in the Google Play Store and monitors outbound requests from your mobile device and automatically blocks access to known high-risk and malicious domains.

If you perform any work-related tasks on your mobile or hook it to your company’s network, you need protection. But even if you aren’t, better safe than sorry. Get the app now

Resources that might interest you.

Get the insights cybercriminals don’t want you to know.