Intelligent CISO Issue 79 | Page 62

Zimperium researchers find surge in mobile phishing attacks targeting enterprises

The 2024 zLabs Global Mobile Threat Report found 82% of phishing sites now targeting enterprise mobile devices.

Zimperium, a global leader in mobile security, has announced the release of its 2024 Global Mobile Threat Report, which highlights critical mobile threat trends from the past year.

The zLabs researchers uncovered a significant rise in ‘mishing’ – also known as mobile targeted phishing – a technique that employs various tactics specifically designed to exploit vulnerabilities in mobile devices and users.
Notably, the report reveals that 82% of phishing sites now target mobile devices. As cybercriminals increasingly adopt a ‘mobile-first’ attack strategy, they leverage a multitude of techniques to infiltrate enterprise systems by targeting weak, unsecured and unmanaged mobile endpoints, recognising mobile as a major entry point to corporate networks and sensitive data.
Mishing – A top threat facing businesses
Cybercriminals are crafting their attacks to exploit the trust employees generally have in their mobile devices. The zLabs researchers found that 76% of phishing sites targeting enterprises are using HTTPS, a secure communication protocol that leads victims to believe the website on their device is legitimate. Employees are less likely to notice these phishing attempts because of their smaller screen sizes and less visible security indicators, such as hidden URL bars.
The success of mishing sites lies in their hit-and-run approach, where cybercriminals can launch deceptive domains rapidly, then have them disappear before they are ever detected, creating significant challenges for CISOs and their teams. The researchers found that around one-quarter of mobile phishing sites become operable less than 24 hours after their creation, launching malicious activities almost immediately.
“It is undeniable that mobile devices and applications have become the most critical digital channels to protect in our organisations,” said Shridhar Mittal, Chief Executive Officer, Zimperium. “In today’s digital age, where 71% of employees leverage smartphones for work tasks, enterprises must effectively protect their mobile endpoints by adopting a multi-layered security strategy including mobile threat defence and mobile app vetting. Our zLabs researchers meticulously analysed the nature of mobile attacks, uncovering an attack surface within enterprises that requires a strategic and mobile-centered response.”
Enterprise risk posed by sideloaded apps
Along with the rise in mishing, zLabs researchers unveiled the dangers of sideloading apps – the practice of installing mobile apps on a device that are not from the official app stores. Financial services organisations saw 68% of their mobile threats attributed to sideloaded apps. In fact, zLabs researchers found that mobile users who engage in sideloading are 200% more likely to have malware running on their devices than those who do not. Riskware and trojans, applications that disguise themselves as legitimate apps, are the most common malware families found. APAC outpaced all regions in sideloading risk, with 43% of Android devices sideloading apps.
Surging platform vulnerabilities
When it comes to platform vulnerabilities, 2023 witnessed a surge in identified Common Vulnerabilities and Exposures (CVEs) among both Android and iOS. The zLabs research team detected 1,421 CVEs in Android devices tested, representing a 58% increase from 2022. Sixteen of these vulnerabilities were exploited in the wild, which means they were exploited within the real world, rather than test environments. iOS devices tested saw 269 CVEs, representing a 10% increase, 20 of them being exploited in the wild.