2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security

Share this blog

What’s the mobile security landscape like today, how has it changed, and what can security teams expect over the course of 2022? To provide answers, we’ve recently published our 2022 Global Mobile Threat Report. This report provides a comprehensive look at the landscape and its evolution and explores how mobile threats and a modern security strategy drive impact throughout an enterprise’s entire ecosystem.

The Increased Use of Mobile Phones for Work—and the Resulting Risks

It wasn’t that long ago that those who had a mobile phone used it for pretty much one thing: making calls. Those younger than a certain age may find that impossible to fathom, but it’s true.

Clearly, those days are over. Now, smartphones play an increasingly integral role in our personal and professional lives. For work, it’s grown routine for us to use our phones to store passwords, do multi-factor authentication, access corporate files and applications, and more.

Sadly, in the process, these devices have come to capture the increased attention of cybercriminals. Malicious actors are waging increasingly sophisticated attacks that target mobile devices and applications, and they continue to invest more to advance their techniques and tactics.

Mobile Security: A Moving Target

The reality is that teams in many organizations are not clear on the risks, and they’re not well-positioned to contend with today’s mobile security demands.

The mobile landscape continues to grow in scope and complexity, with new apps, features, and capabilities introduced continuously. Therefore, it is essential to realize that security, like mobile devices, is a constantly moving target. It is vital to establish the right tools and resources, so teams understand the risks involved and their potential impact and make intelligent decisions about security efforts and investments.

2022 Global Mobile Threat Report: Key Takeaways

For teams looking to respond to these evolving security imperatives, Zimperium’s 2022 Global Mobile Threat Report offers data-driven insights and updates. Following are some of the key findings from our analysis:

Mobile devices are an increasing focus of cybercriminals.

  • 30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices.
  • The same year, there was a 466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints.
  • Further, 75% of the phishing sites analyzed specifically targeted mobile devices.

Malware is everywhere.

  • 2,034,217 new malware samples were detected in the wild in 2021.
  • The Zimperium zLabs team discovered threats affecting more than 10 million devices in 214 countries.

Advanced malware keeps resurfacing.

  • Prominent malware discovered in previous years made a mobile-focused comeback in 2021. For example, Pegasus, the spyware program first detected in 2016, surfaced again in 2021. Attackers targeted more than 50,000 individuals, including journalists, activists, and political leaders. This most recent variant leveraged zero-day exploits to target iOS devices.
  • In addition, the Joker trojan discovered in 2017 also reappeared in 2021 and specifically targeted Android devices.

Vulnerable mobile devices are resulting in incidents.

  • 42% of organizations report that vulnerabilities in mobile devices and web applications have led to a security incident

Public cloud misconfigurations are exposing data.

  • Based on our analysis of more than 1.3 million Android and iOS apps, 14% of the apps using public cloud backends had misconfigurations that exposed users’ personal information.

These findings illustrate why 2022 must be the year that security teams start to take mobile security seriously, and employ the same rigor in this arena that they’ve been applying to traditional endpoints.

The statistics above represent just a portion of the details found in the Global Mobile Threat Report. The number of risks to mobile apps and devices, and the corporate assets they connect to, is growing year over year. Whether through device exploits, application misconfigurations, malware, or leaky databases, the mobile device has become a common target for malicious actors globally.

This year’s report provides a topical analysis of mobile threat data from the field, including prominent mobile attack vectors, regional analyses, exploited mobile vulnerabilities, mobile phishing trends, and mobile malware trends. To learn more about mobile security threats and how to guard against them, be sure to download the 2022 Global Mobile Threat Report.

Richard Melick
Mobile Threat Intelligence. View the author's experience and accomplishments on LinkedIn.

Get started with Zimperium today