Don’t let their small size fool you: mobile devices can have a big impact on your security posture. It’s easy to see why, considering that almost half of organizations said they suffered a mobile-related compromise in 2022.
Malware and phishing are two particular mobile threats that you need to defend against in 2023. Just check out the following stats from last year:
- 18 percent of clicked phishing emails in 2022 came from a mobile device. (Verizon Mobile Security Index 2022)
- 46 percent organizations that had suffered a mobile-related security breach in 2022 said that app threats were a contributing factor. (Verizon Mobile Security Index 2022)
- 9 percent of organizations suffered a mobile malware attack in 2022. (Check Point 2023 Cyber Security Report)
In addition, according to Malwarebytes research, 45 percent of schools reported that at least one cybersecurity incident last year started with Chromebooks or other mobile devices.
In this post, we’ll talk about the threat that phishing and malware pose to mobile endpoint security and how to crush them.
Mobile devices have a huge target on their backs
Mobile devices are a key part of today’s modern business: 56 percent of employees rely on at least four to eight enterprise applications on their mobile device.
But wherever sensitive data exists, threat actors are out there trying to get their hands on it.
The explosion of bring-your-devices (BYOD) policies during and after the pandemic created a large, new attack surface. Employees love mobile devices for their convenient access to corporate data systems; attackers love them for the same reason.
Malware on Android
First things first, malware is a much bigger threat to Android devices than it is to iOS devices, as iOS malware is extremely rare.
Malware on mobile Android devices comes in many forms, including adware, ransomware, trojan-banker (aka ‘bankers’), and trojan-dropper (aka ‘droppers’). Droppers, considered the “most Trojan of Trojans,” disguise themselves as innocent apps to steal personal and financial data. Droppers can install copies of themselves, and because they can drop software that downloads other malware, they can be used to establish a permanent gateway into a smartphone, and then into a business
In our 2022 State of Malware Report, Malwarebytes found that droppers accounted for 14 percent of detections on Android. Other malware is more widespread, but droppers pose the greatest danger to organizations.
Examples of recent Android malware
Phishing on iOS and Android
Phishing has always worked wonders for attackers, and if it ain’t broke, don’t fix it—including on mobile devices. In fact, Zimperium found the number of phishing sites that target mobile devices specifically has seen 50 percent growth from 2019-2021.
Phishing attacks on Android and iOS range from email to banking, SMS (smishing), and even attempting to trick users into handing over legitimate two-factor authentication codes.
Targeted phishing campaigns on enterprise mobile devices are common, with threat attackers often impersonating companies such as Apple, PayPal, and Amazon.
Mobile Device Management (MDM) ain’t the solution
A common misconception that we hear when we talk about mobile endpoint security is that MDM is the solution to all of our mobile malware and phishing woes.
It’s not.
Mobile device management services only secure use of corporate data, but are not designed to counter threats such as malware and phishing on iOS and Android devices.
Organizations should look beyond MDM platforms and toward mobile security products that use a variety of techniques, including behavioral analysis, to crush mobile threats. Some features of a robust mobile threat defense product include:
- 24/7 real-time protection against emerging threats
- Advanced antivirus, anti-malware, anti-spyware capabilities
- Malicious app protection
- App privacy audit
- Safe web browsing
- Block ads and ad trackers
- Filters suspicious fraudulent texts
- Spam call blocking
Malwarebytes makes mobile device security easy
With Malwarebytes Mobile Security for Business, you can put a damper on mobile attacks on your organization in just a few clicks.
In Nebula, our cloud-hosted security platform made for small to large businesses (OneView for MSPs), all you have to do to get started is activate the endpoint agent for your mobile devices.
From there, you set how your mobile endpoints behave by adding a new policy and selecting Web protection and Ad block for iOS and Behavior protection for ChromeOS and Android.
Once you save this policy, you’re set!
Admins gain immediate visibility into mobile device activity, enabling IT teams to easily identify and report malicious threats, PUPs, and PUMs.
The Malwarebytes Mobile Security app on IOS (left) and Android (right)
The statistics don't lie—phishing and malware pose a big threat to mobile endpoint security in 2023. But with a mobile threat defense solution like Malwarebytes Mobile Security, you can crush threats like these and more. Get a free trial and/or quote below!