Mobile SecurityThreat Detection

2024 in Review: Key Insights from Lookout’s Mobile Threat Landscape Report

2024 in Review: Key Insights from Lookout’s Mobile Threat Landscape Report

2024 in Review: Key Insights from Lookout's Mobile Threat Landscape Report

The mobile threat landscape is evolving rapidly, with 2024 bringing new and sophisticated challenges to organisations of all sizes. Mobile devices have become core to business operations, but this also makes them prime targets for cybercriminals. Lookout’s Mobile Threat Landscape Report highlights a crucial shift: threat actors are now frequently targeting mobile devices as the first point of entry into enterprise systems.

This shift represents a growing vulnerability in the security posture of many organisations. Mobile endpoints have become a primary target for social engineering attacks, where the human factor is often the weakest link in security. With phishing attacks, malicious apps, and AI-driven exploitation techniques on the rise, securing mobile devices is now a necessity, not an option.

On-demand Webinar: Protecting Data, Powering Trust

Lookout and Renaissance recently held a webinar that covered why mobile devices are a new gateway for attackers, as threat actors exploit mobile vulnerabilities and social engineering tactics to gain direct access to cloud environments and compromise critical data.

During the webinar, Lookout security experts discussed how modern cyberattacks exploit mobile users and what you can do to stay ahead. The presentation was designed for CISOs, Security Leaders, and IT decision-makers looking to enhance their security posture against evolving mobile threats. Key takeaways from the webinar were:

  • How the traditional cyber kill chain has evolved to exploit mobile users.
  • Why attacks leveraging mobile devices are on the rise.
  • The vulnerabilities that are making your organisation an easy target.
  • How identifying anomalous data movements can prevent breaches.
  • The essential capabilities needed to defend against modern attacks.

Watch the Webinar on demand via https://renaissance.renaissance.ie/c/441043.

The Rise of Human-Directed Threats

As organisations move more data to the cloud, mobile devices have become the ideal entry point for cybercriminals. Cybercriminals are adapting to this new landscape, focusing on exploiting human vulnerabilities rather than traditional malware. By leveraging tactics like mobile phishing, SMS phishing (smishing), and social engineering, attackers aim to steal user credentials—the keys to accessing sensitive corporate data.

Mobile devices offer attackers a personal, direct channel to employees, making it easier to manipulate them into revealing sensitive information. The use of AI-powered phishing scams, which are nearly indistinguishable from legitimate communications, has dramatically increased the effectiveness of these attacks. For example, attackers may impersonate CEOs or other authority figures to create a sense of urgency, tricking employees into complying with fraudulent requests.

Key Findings from the Lookout Threat Landscape Report

Here are several key findings reported in the Lookout report.

Mobile Phishing: The AI-Powered Threat

Mobile phishing has become an AI playground for threat actors, with over 4 million mobile-focused social engineering attacks recorded in 2024. Apple iOS users were exposed to twice as many phishing attacks as Android users.

With generative AI making it increasingly difficult to distinguish between legitimate and fraudulent communications, executive impersonation and credential theft have become dangerously effective tactics.

Mobile Vulnerabilities: A Window of Opportunity

The 2024 report identified over 1.6 million enterprise devices running vulnerable app versions. Browser vulnerabilities ranked among the most common risks, with nearly all major mobile browsers affected by critical security flaws.

These flaws create significant windows of opportunity for threat actors, especially considering that the average user has approximately 80 apps installed on their device. Even when patches become available, the delay in updating creates an extended exposure period.

Mobile Malware: The Silent Threat

Lookout detected 427,000 malicious apps on enterprise devices in 2024 alone. The report highlights several high-severity and critical malware families, including:

  • LittleEye (Android Surveillanceware)
  • PlainGnome (iOS & Android Surveillanceware)
  • BnkRat (Android Surveillanceware)
  • KrSpy (iOS & Android Surveillanceware)

These advanced threats can track location, steal data, record conversations, and access device cameras. Essentially allowing threat actors to “live in the pocket” of your employees while putting sensitive corporate data at risk.

Device Risks: Configuration Matters

Beyond malicious apps and phishing, device misconfigurations represent a significant security gap. Lookout found that:

  • 29.5% of devices had out-of-date operating systems
  • 11.5% had outdated Android Security Patch Levels
  • 12% had no device lock enabled
  • 3.3% were unencrypted

These seemingly simple misconfigurations can leave devices vulnerable to sophisticated attacks, including advanced threats that can exploit jailbroken or rooted devices to gain complete control.

The Human Factor: The Weakest Link

As attackers increasingly focus on the human element, it’s clear that mobile devices are the ideal platform for social engineering attacks. Simple but highly effective scams, such as the CEO Apple Gift Card Scam, rely on exploiting human instincts like trust and urgency to deceive employees into taking action that compromises corporate data.

What This Means for Your Organisation

The report shows that organisations can no longer treat mobile security as a secondary concern. With threat actors increasingly targeting mobile devices as their initial vector, organisations need comprehensive visibility and protection across their entire mobile device estate.

Key takeaways for security leaders:

  • Mobile phishing protection is essential for all devices, regardless of operating system.
  • App vulnerability management must be part of your mobile security strategy.
  • Device configuration and OS updates require active monitoring.
  • Mobile threat intelligence should be integrated into your security operations.

Lookout’s Mobile Endpoint Security goes beyond traditional MDM tools, helping organisations detect and prevent phishing, app-based threats, and OS-level exploits before they cause damage.

Conclusion: The Human Factor is the New Attack Surface

The human element remains the most critical vulnerability in cybersecurity, and mobile devices are the new attack surface for human-directed threats. With social engineering campaigns becoming more sophisticated, organisations need a mobile security strategy that combines AI-powered protections and advanced threat detection. Lookout’s integrated solution provides the visibility and intelligence needed to protect against these evolving threats, enabling organisations to defend their mobile endpoints effectively.

Contact Renaissance to learn more about how Lookout’s mobile security solutions can help protect your organisation from the rising tide of human-centric threats in the mobile landscape.