Levels of phishing exposure to mobile devices surged by 161% between the second half of 2020 and the first half of 2021, according to data within a report published by cloud security firm, Lookout Energy.

malicious-code phishing threats

The report found that a fifth of employees from the sector were exposed to a mobile phishing attack through the first two quarters of this year, while 17.2% of all cyberattacks originating on mobile endpoints were found to target energy organisations.

The findings leave the energy industry among one of the principal victim sectors of cybercriminals and state-sponsored online threats.

The average mobile threat exposure rate came in at 7.6%, nearly twice the threat vector experienced of all other industries put together.

Among key reasons for the increases in vulnerability was users failing to update their older versions of Android OS. Consequently, 56% of Android users were found to have inadequate cyber-defences to shore up almost three hundred exploitable weaknesses. Riskware and associated vulnerabilities were found to be the cause of 95% of mobile app threats.

Looking globally, the EMEA region was found to have a mobile phishing exposure rate of 15.8%, APAC 13.2% and North America 11.2%. EMEA and APAC employees were respectively discovered to be 41% and 18% more at risk of a mobile phishing attack than their counterparts in the US and Canada.

Recent events such as the Colonial Pipeline breach demonstrate that the energy industry is particularly vulnerable to cyberattacks. Bad actors phish and exploit vulnerabilities in mobile endpoints to circumvent legacy security systems to gain access to corporate infrastructure, steal sensitive data and extort money.

Securing mobile endpoints that employees use to do their jobs is imperative to protect enterprise data as iOS, Android and ChromeOS devices are increasingly essential to digital transformation initiatives. Protecting against mobile phishing and app threats enables energy organizations to prevent cyberattackers who want to steal credentials and data, or halt operations with ransomware.

Stephen Banda, Senior Manager of Security Solutions at Lookout and the report’s author, said:

“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program.

“We recommend organizations train employees about the dangers of mobile phishing attacks and have dedicated solutions in place to secure against them. They also need visibility into mobile app and operating system vulnerabilities to safeguard corporate data.”