Threat actors are pursuing a mobile-first strategy. 82 percent of phishing websites are optimized for mobile devices.
Zimperium warns of a significant increase in targeted phishing attacks on mobile devices. The warning is based on the security provider's current Global Mobile Threat Report 2024. According to the report, attackers are pursuing a “mobile-first” strategy in which different techniques are used to inject malware into corporate environments.
Among other things, threat actors use weakly secured and unmonitored mobile devices to gain access to corporate networks and sensitive data. According to Zimperium, 82 percent of phishing pages now target mobile devices.
Zimperium classifies so-called mishing – mobile-targeted phishing – as one of the biggest threats to companies. “Cybercriminals rely on the fact that employees generally have a high level of trust in their mobile devices as a business tool and use this to carry out attacks,” the company said. “Zimperium researchers found that 76 percent of phishing websites targeting business users use the secure HTTPS communication protocol to disguise malicious actions on mobile devices. In addition, phishing attempts via fake websites are harder to detect on compact smartphones with small screens because, for example, URL bars are hidden.”
Successful mishing sites rely on hit-and-run strategies. Fraudulent domains are put online and taken down again within a short time – before they are discovered. “According to research by Zimperium security experts, around a quarter of mobile phishing websites are operational and launch malicious activities less than 24 hours after they are created,” the company added.
“Mishing attacks and mobile malware are increasingly evading detection and often go undetected on corporate networks,” said Chris Cinnamo, senior vice president of product management at Zimperium. “To effectively defend against mobile threats, corporate IT security teams must be able to prioritize rapidly evolving attacks targeting employee mobile devices. Without proactive measures, mobile-based attacks will continue to infiltrate corporate networks, compromise sensitive data and disrupt overall business operations.”