Continuing the trends we saw throughout 2023, as observed in our Annual Report, the first quarter of 2024 was defined by a massive jump in social engineering and phishing attacks, attacks targeting multi-factor authentication (MFA) solutions, and one of the largest healthcare breaches ever.
One of the most head-turning findings in this report is that almost three times as many phishing, malicious, denylisted, and offensive links were delivered to mobile devices as a year ago. Vulnerabilities in mobile apps and operating systems also increase the risk a mobile device can pose to enterprise users and data. Finally, the most critical families of mobile malware in the first quarter of this year weighed heavily towards mobile surveillanceware.
Thanks to our industry-leading dataset of more than 220 million devices, 325 million apps, and billions of web items, we are able to identify global trends that help inform security teams across every industry and geography about how to protect their data from mobile threats. This report is a summary of our findings from the first quarter of 2024, and proves that mobile threats are no longer on the periphery of modern-day data protection strategies. Nobody knows the mobile threat landscape like Lookout.
Mobile phishing and malicious content have exploded in popularity as attackers evolve their tactics to target enterprise credentials. This has led to a fundamental shift in the traditional cyber killchain, and this modern killchain is dependent on using legitimate credentials as a way to quietly enter corporate infrastructure and compromise data. Attackers take on convincing personas as internal IT or security teams to trick employees into sharing or supposedly resetting their passwords.
As one of the most widely-adopted mobile threat defense solutions, Lookout defends its customers with out-of-the-box protections against phishing and malicious content as well as the ability to create custom content rules and denylists.
450,000,000 phishing and malicious sites identified by Lookout Security Cloud globally since 2019.
17,750,000 denylisted and offensive content sites blocked in Q1 of 2024. This is up from 4,545,000 in Q1 of 2023.
900,000 phishing and malicious web attacks were prevented by Lookout in Q1 of 2024. This is up from 455,000 in Q1 of 2023.
Attackers have found that targeting employees with socially engineered phishing attacks through mobile form factors such as SMS phishing and voice phishing is highly effective. Lookout recommends enforcing a modern defense-in-depth strategy that protects against multiple points of compromise across mobile, cloud, and data protection.
Vulnerabilities exist at both the operating system (OS) and app level on mobile devices. While OS and app developers will frequently push updates to patch these vulnerabilities, it’s the job of the end user to actually install them. The gap between when a developer releases a patch and when the new version is installed creates an opportunity for attackers to exploit the vulnerable device and compromise it.
Lookout monitors a wide range of vulnerabilities and threats, their global presence, and their potential impacts to inform you at the earliest possible moment and keep you safe. Below are the top vulnerabilities encountered by Lookout users in the first quarter of 2024.
325,000,000+ mobile apps and app versions have been ingested into the Lookout Security Cloud.
The most common app vulnerabilities in Q1 were all in components of mobile browsers. Attackers most commonly exploit these vulnerabilities with maliciously crafted webpages, which can be delivered as a link to the target device. From the attacker's perspective, knowing that almost every mobile device runs Chrome, Firefox, Safari, or Edge as its default browser means they can target potentially vulnerable devices with these malicious links and hope that the user hasn't updated the app to a patched version.
A zero-day vulnerability in the WebRTC framework, which supports the mobile versions of Google Chrome, Firefox, Safari, and Edge.
A zero-day vulnerability in the V8 engine, which is the open-source JavaScript and WebAssembly engine that supports Chromium and the mobile version of the Google Chrome browser.
A vulnerability in Skia, which is the 2D graphics engine for Google Chrome, ChromeOS, Android, and Microsoft Edge. Successful exploitation could lead to an attacker stealing sensitive data.
A vulnerability in Chromium, which supports almost every mobile browser. Successful exploitation could enable an attacker to cause heap corruption via a malicious webpage.
A vulnerability, with known exploits in the wild, in WebP, the image rendering engine for Chrome and other mobile browsers.