Zimperium research shows significant increase in sophisticated mobile device attacks.

Zimperium, the only mobile-first security platform for devices and apps, released its highly anticipated global mobile threat report 2023 today.

Mobile-powered business is growing, and spyware, phishing, and ransomware are becoming more sophisticated.

The report analyses the year's top mobile security trends using Zimperium's zLabs research, third-party industry data, partner insights, and industry influencers.

43% of compromised devices were fully exploited, up 187% year-over-year.

“The explosive growth in mobile device and app usage has created an ever-growing attack surface,” said Zimperium CEO Shridhar Mittal. Mobile devices are essential to our work, communication, navigation, banking, and information, creating new malware opportunities.

Last year's global mobile threat report found that 60% of enterprise asset endpoints were mobile devices, and this trend appears to be continuing. Mobile-powered businesses must increase mobile security to protect employee data and sensitive company information.

Enterprise and government mobile initiatives are under attack. The latest Zimperium research highlights the sobering fact that mobile-powered businesses are creating vulnerabilities that cybercriminals and nation-states are targeting.

Key Findings

  • Phishing attacks against mobile devices are growing. 80% of phishing sites target mobile devices specifically or are designed to function both on desktop and mobile. Meanwhile, the average user is six to ten times more likely to fall for SMS phishing attacks than email-based attacks.

  • During 2022, Zimperium detected an average of four malicious/phishing links clicked for every device covered with its anti-phishing technology.

  • EMEA and North America have the highest percentage of devices being impacted by spyware, with EMEA at 35% and North America at 25%.

  • Both Apple and Android saw increasing instances of detected vulnerabilities. There was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild.

  • Malware is continuing to proliferate rapidly. Between 2021 and 2022, the total number of unique mobile malware samples rose 51%, with more than 920,000 samples detected, including Dirty RatMilad, MoneyMonger and Dark Herring. Zimperium protected its customers from 2,000 samples each week that were not yet identified by the industry in general (“zero-day” malware).

  • In 2021, Zimperium detected malware on 1 out of 50 Android devices. It increased significantly in 2022 to 1 out of every 20 devices.

  • Improper cloud storage configurations in mobile apps are a leading attack surface. Our analysis concluded that ±2% of all iOS and ±10% of all Android mobile apps accessed insecure cloud instances.

“There is a fundamental issue that today’s modern organisations must contend with: how can they capitalise on the opportunities of being mobile powered without being exposed to evolving risks?” said Zimperium CTO Jon Paterson.

To thrive, they need a mobile-first security strategy that prioritises and assesses risk as close to the user and device as possible and baselines and continuously assesses vulnerability posture to operate in a known state with complete visibility.

“They must take responsive action on risk detection: leverage zero trust and conditional access workflows, leverage XDR and autonomous, third party integrations, and assess and stay updated on global privacy regulations and the risks that affect apps they develop and use.”

In Zimperium's report, RSA chief product officer Jim Taylor explained how unmanaged BYOD devices expand the attack surface, introduce critical cybersecurity vulnerabilities, and are a necessity in the work-from-anywhere economy.

“The global mobile threat report shows why mobile security is becoming an urgent need for organisations and why security-first leaders rely on Zimperium and RSA to address this emerging threat.”

"It is clear that mobile threats are becoming more frequent and dangerous, as bad actors increasingly target smartphones as high-value targets," says Phil Hochmuth, programme VP, enterprise mobility at IDC. "This should be a wake-up call for enterprises to increase focus and investment in mobile security tools and practises."

Why mobile security protection is a public necessity

Meanwhile, Akhil Bhutani, Zimperium's General Manager of APJ Business, warns that governments and local councils must protect residents online and offline.

In an increasingly interconnected world, mobile devices have changed how people work, communicate, and access information. Smartphones and tablets give us a lot of power and convenience.

With this growing dependence on mobile technology, mobile cyber security has gone from a public good to a public necessity.

Mobile phones are "always on, always connected," making them indispensable. This constant connectivity heightens the public necessity of mobile cyber security.

Mobile cyber security has gone from a public good to a necessity in the digital age. Mobile cyber security is crucial due to the pervasive threat landscape, our growing dependence on mobile devices, privacy concerns, mobile payment systems, IoT integration, and enterprise security.

Protecting our privacy, data, and digital infrastructure is crucial. Mobile cyber security must be prioritised and invested in to navigate the evolving threat landscape and ensure a safer digital future for all.

Australia has 17.9 million smartphones and over three million internet-connected smart devices.

Mobile security remains a challenge for all organisations. State and local governments, where constituents increasingly use digital channels, face this challenge.

Man-in-the-middle attacks, where someone listens in, are network threats. Phishing is the most prominent application-related threat.

People click on malicious links due to the small screen and their unawareness. According to my company's research, SMS phishing attacks are 6-10 times more likely to succeed.

This year, rogue Wi-Fi networks hit Sydney and Melbourne hardest. Phishing and malicious apps pose many mobile security threats.

From 2022 to 2023, mobile threats increased 2.8x across Australia, with malicious apps rising significantly in Adelaide and Perth. With an explosion of phishing threats across Queensland, these pose a variety of security threats.

Two-thirds of Australians over 15 were scammed in 2021–2022, according to the Australian Bureau of Statistics (ABS).

According to ABS head of crime and justice statistics William Milne, 65 percent of people received a scam offer or request in 2021–2022.

“People were most commonly exposed to a scam over the phone (48%) or by text message (47%),” with text message exposure doubling from 23% in 2020-2021 to 47% in 2021-2022.

One-third reported the scam to a bank or financial institution, the most common authority for scam reports, Mr. Milne said. However, police reporting increased from 8.2% in 2020-2021 to 14% in 2021-2022.

Scams cost Australians $3.1 billion in 2022, according to the ACCC.

Zimperium's mobile threat team said many mobile device users struggle with cyber hygiene. Most devices cannot be upgraded to the latest security updates due to hardware constraints. Keeping up with daily OS and app updates is nearly impossible.
