Security firm Check Point has released its Mobile Security Report 2021 revealing some alarming details about cyber-attacks last year. The company says that four out of every 10 mobile phones are inherently vulnerable to cyber-attacks. The report says that 97 percent of organisations globally in 2020 faced mobile threats that used multiple attack vectors and 46 percent had at least one employee download a malicious mobile app. With work from home becoming the new norm, attacks on personal handsets used for office work have been on a rise.
The latest Mobile Security Report 2021 by Check Point says that almost every organisation experienced at least one mobile malware attack in 2020. 93 percent of these attacks originated in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs. Research also showed that at least 40 percent of the world’s mobile devices are inherently vulnerable to cyber-attacks due to flaws in their chipsets, and need urgent patching. This is four out of every 10 handsets in the world.
Check Point’s report says that there was a 15 percent increase in banking Trojan activity in 2020, where users’ mobile banking credentials were at risk of being stolen.
Bogus COVID-19 related information apps have been used as a new target to hide malware, Check Point found. Threat actors have been spreading mobile malware, including Mobile Remote Access Trojans (MRATs), banking trojans, and premium dialers. Advanced Persistent Threat (APT) groups like Iran’s Rampant Kitten are using mobile phones to conduct elaborate and sophisticated targeted attacks to spy on users and steal sensitive data, the report says.
COVID-19 saw a rise in remote working and Check Point forecasts that 60 percent of workers will be mobile by 2024. During 2020, Check Point even discovered a new and highly significant attack, in which threat actors used a large international corporation’s Mobile Device Management (MDM) system to distribute malware to more than 75 percent of its managed mobile devices – exploiting the solution, which is intended to control how mobiles are used within the enterprise.