Nearly every business polled reported a cyber-attack via a mobile device last year, according to research by cyber security firm Check Point Software Technologies

The firm’s annual Mobile Security Report, which is based on responses from 1,800 of the company’s customers, reveals 97% of organisations experienced cyber-attacks via their mobile devices last year using multiple attack vectors.

Furthermore, 46% of organisations had at least one employee download a malicious mobile application and at least 40% of the world’s mobile devices are inherently vulnerable to cyber- attacks due to flaws in their chipsets which need urgent patching, according to the Israeli-US cyber security company.

Its latest survey took place against the background of the Covid-19 pandemic and a sharp rise in home and remote working, leading to an increase in workers using mobile devices for routine and critical tasks.

“This has greatly extended the attack surface and made the mobile device more susceptible than ever to cyber threats, such as phishing scams, malicious apps, man-in-the-middle attacks, rootkit and more,” said Neatsun Ziv, the company’s vice-president of threat prevention.

“Indeed, Check Point researchers have been observing a continuous rise in the number of attacks and data breaches that are coming in through the mobile endpoint.

“It has become all too clear that the new normal means more numerous and more sophisticated mobile security threats, making robust mobile security a key business imperative.”

The report found93% of all attacks originating in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials, Check Point said.

There has been an increase in banking Trojan activity, where users’ mobile banking credentials are at risk of being stolen via malware often hidden in apps which claim to offer information related to coronavirus.

“Covid-19 is the new app attack premise, with skilled threat actors exploiting the public’s concerns with the pandemic via malicious apps that are masquerading as providers of legitimate help in times of crisis,” the company said.

Individuals’ mobiles are also a very attractive target for advanced persistent threat (APT) groups, such as Iran’s Rampant Kitten which has conducted elaborate and sophisticated targeted attacks to spy on users and steal sensitive data, stated Check Point.

The company also discovered in 2020 what it described as a new and highly significant attack in which threat actors used a large international corporation’s mobile device management (MDM) system to distribute malware to more than 75% of its managed mobile devices, thereby exploiting the solution intended to control how mobiles are used within the enterprise.

Ziv said: “There are more complex threats on the horizon. Cyber criminals are continuing to evolve and adapt their techniques to exploit our growing reliance on mobiles. 

“Enterprises need to adopt mobile security solutions which seamlessly protect devices from today’s advanced cyber threats, and users should be careful to use only apps from official app stores to minimise their risk.”

The company’s Mobile Security Report is based on data collected last year from 1,800 organisations that use Check Point’s Harmony Mobile data protection product plus supplementary research.

Register to receive the latest cyber security news and analysis straight to your inbox