Over 90% of Organizations Hit by a Mobile Malware Attack in 2020


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
Almost every global organization suffered at least one mobile malware attack in 2020, according to a new report from Check Point.

The security vendor polled 1800 customers of its Harmony Mobile device threat protection product to compile its 2021 Mobile Security Report.

Of the near-total number that faced a mobile attack last year, 93% of incidents originated in a device network, and were either phishing attempts (52%), C&C communication with malware already on the device (25%) or involved infected websites/URLs (23%).

Check Point also warned that unsecured networks like public Wi-Fi could enable man-in-the-middle (MitM) attacks designed to compromise devices and data.

The study revealed that nearly half (46%) of responding organizations had at least one employee download a malicious mobile application that threatened networks and data last year. Banking Trojans, mobile Remote Access Trojans (MRATs), premium diallers, clickers and ad fraud were among the most common.

Some 97% of organizations faced mobile threats originating in multiple vectors, including applications, networks, devices and OS vulnerabilities. However, Check Point warned that mobile device management (MDM) is a potentially major new target for attackers.

In April last year, the security vendor claimed to have detected for the first time information stealing malware targeting the MDM server of a large multi-national, and in so doing compromising over 75% of its devices.

“Regrettably, the MDM’s most notable feature, and arguably the reason for its existence – a single, central control for the entire mobile network, is also its major weakness,” noted Check Point. “This malware [a Cerberus variant] is very damaging, for once installed, it can collect large amounts of sensitive data, including user credentials, and send it to a remote command and control (C&C) server.”

In the report, Check Point also repeated claims made last summer that around 40% of the world’s mobile devices are vulnerable to attacks, after it found hundreds of bugs in Qualcomm’s popular DSP chips.