Malicious actors are waging “increasingly sophisticated” attacks on smartphone and app users, according to a new report from U.S. mobile security firm Zimperium.
According to its Global Mobile Threat Report 2022, around 30 percent of “zero-day” vulnerabilities—a known weakness in a system that has yet to be patched—were found in mobile devices over the course of 2021.
Zimperium also found a 466 percent increase in active attacks on such weaknesses, while also finding that 75 percent of phishing websites targeted mobile devices.
In terms of malware, the group detected 2,034,217 samples of malicious software last year and found that 10 million devices across 214 countries were affected.
Some malware programs were also re-emerging in more advanced forms.
For example, the spyware program Pegasus, which was detected in 2016, surfaced again in 2021 targeting zero-day vulnerabilities in iOS devices. It affected 50,000 individuals including journalists, activists, and politicians. Additionally, the Joker trojan program, which was founded in 2017, re-emerged in 2021 to target Android devices.
“Smartphones play an increasingly integral role in our personal and professional lives,” Richard Melick, director of product strategy at Zimperium said in a press release.
“Sadly, in the process, these devices have come to capture the increased attention of cybercriminals.”
“Malicious actors are waging increasingly sophisticated attacks that target mobile devices and applications, and they continue to invest more to advance their techniques and tactics,” he said.
Melick said the mobile landscape was growing in scope and complexity with new apps and features being introduced regularly.
“Therefore, it is essential to realise that security, like mobile devices, is a constantly moving target,” he said. “It is vital to establish the right tools and resources, so teams understand the risks involved and their potential impact.”
Cybersecurity has become a more pervasive issue as the world becomes more interconnected, however, the cost of monitoring and protecting against such threats has also ballooned.
A February report found that the average cost of insurance to cover cybersecurity breaches spiked 113 percent in Australia from 2020 to 2021.
“Ransomware has been, and will continue to be, a plague on organisations and insurers alike, across all industries and segments—equally challenging for small to medium enterprises, as well as large corporates and the public-government sector,” the AON report said.