Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:35 PM
Connect Directly

Survey Shows Surprisingly High Number Of Breaches Via Mobile

IDG/Lookout study shows another take on the mobile threat, while Verizon says breaches it's seen so far this year still aren't due to mobile devices.

In a surprising twist, nearly three-fourths of organizations in a new study say they experienced a data breach via mobile -- either malware-rigged mobile apps, vulnerable apps, or unsecured WiFi connections.

The new data comes from an IDG study commissioned by mobile security firm Lookout, which says the numbers came as a shock to them as well. "The most surprising results to us were that 74% said they had already experienced a data breach as a result of mobile" issue, says Aaron Cockerill, vice president of products at Lookout. "A lot of breaches globally are frequently attributed to infrastructure in the corporation, LAN … There's never really been a huge data breach attributed to mobile devices."

Of the 100 executives from companies with an average of 23,000 employees and mainly from technology, financial services, and manufacturing industries, 82% say most of their corporate data is accessible via users' mobile devices.

Some 38% say their companies suffered data breaches via vulnerable mobile apps; 36% via malware-rigged mobile apps; 30% via unsecured WiFi; 30% via rooted and jailbroken devices; 28% via apps that send or access sensitive data; and 15% from apps downloaded from non-official app stores.

To date there has been little evidence of mobile serving as a primary attack vector for breaches, with the exception of some nation-state attacks. While mobile vulnerabilities and malware are abundant and emerging regularly, most attackers still stick with the tried-and-true desktop attack.

Verizon, meanwhile, says it's still not seeing an uptick in mobile as an attack vector in data breaches. "We continue not to see mobile assets within the event chains of the incidents that are in our current data set, which represents a slice of actual 2015 incidents," says Marc Spitler, managing principal and co-author of the Data Breach Investigations Report, Verizon Enterprise Solutions. "Keep in mind that Verizon’s data breach investigations series focuses on how often these issues occur in the real world. Our real-world data does not support the 74 percent affirmative responses in this survey."

[BYOD may be a big fat security and management headache for the business world and mobile malware is on the rise, but the reality is that so far, hackers aren't employing mobile malware for cybercrime or cyber spying purposes. Read Verizon DBIR: Mobile Devices Not A Factor In Real World Attacks.]

That doesn't mean you should ignore mobile security or assume it won't become a problem, he says. Spitler says while mobile is not a major culprit for cyberattacks thus far, it's best to prepare for that to change. Organizations "should build processes and policies and controls now, before the threat rate increases," he says.

Lookout's Cockerill says the new data may be jolting, but it's "not a sign the sky is falling." However, he maintains that Verizon and other reports may not provide a full picture of the highly targeted attacks Lookout sees. "We believe what we're seeing and what we know from last year, is a dramatic increase of sophisticated local attacks … targeted at gathering important information," he says.

Meanwhile, Windows PCs make up about 80% of all mobile network infections. The overall infection rate for mobile devices jumped from 0.50% to 0.75% in late June mainly due to Windows PCs that are tethered to mobile WiFi devices, hotspots, and smartphones getting hit with a spike in malicious adware, according to Alcatel-Lucent's Motive Security Labs.

Aside from Verizon's discounting mobile as an attack vector in data breaches in its Data Breach Investigations Report this year, security firm Damballa Research recently summed up the reality of mobile threats this way: users are 1.3 times more likely to get struck by lightning than to be infected with malware, according to Damballa's data.

Lookout's Cockerill dismisses the argument that the bad guys target desktops over mobile devices because they're easier to infect. "I'm not convinced that it's necessarily harder to [attack via] mobile," he says. Many users are primarily working off their mobile devices today, anyway, he says.

"The reason you've not seen widespread" mobile attacks, he says, is attackers are following the valuable corporate data. "Data is only just starting to … move onto those mobile devices."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-07-18
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the...
PUBLISHED: 2019-07-18
Firefly III before is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page.
PUBLISHED: 2019-07-18
Firefly III before is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing.
PUBLISHED: 2019-07-18
Firefly III before is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.
PUBLISHED: 2019-07-18
Firefly III before is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing.