iOS devices face twice the phishing attacks of Android

2024 brought about countless new cybersecurity challenges including significant growth of the mobile threat landscape, according to Lookout.

Threat actors, ranging from nation-states to individuals, are increasingly targeting mobile devices for the onset of their attacks to steal credentials and infiltrate the enterprise cloud in a pathway known as the modern kill chain. More than ever, organizations of every size across every industry must view mobile targeting as a canary in the coal mine – an early indication that they could be under attack elsewhere in their infrastructure.

iOS phishing attacks on the rise

Thanks to Apple’s walled garden approach, iOS is the mobile operating system of choice for most enterprise organizations. It makes sense, as the complexity of an Android-heavy environment would mean managing dozens of device manufacturers.

However, just because iOS can only run on Apple devices does not mean that those users are at less risk of interacting with mobile phishing attacks. Unlike mobile malware, which relies on the target device’s OS, mobile phishing attacks are web-based. This means that they can be delivered to any device through any app with a messaging function.

Lookout observed that 26% of iOS devices were targeted by threat actors with phishing attacks versus Android users (12%) in 2024.

Vulnerabilities, regardless of where they exist, can be a highly effective point of initial access for a threat actor. Mobile operating systems and apps have vulnerabilities in their code just like any other piece of software, and more often than not those vulnerabilities can be exploited by simply sending a link to the target device.

Zero-click and one-click exploitation is a tactic used by threat actors in the mobile landscape, which means security teams have little to no time to act if an employee’s device is vulnerable. Known vulnerabilities often take a couple of weeks to patch, and even once those patches are available end users take time to update their devices and apps.

427,000 malicious apps were detected on enterprise devices, which can vary widely from infostealers to sophisticated spyware. The vast majority of malware discoveries were classified as trojan malware, followed by surveillanceware and adware.

Misconfigurations can compromise mobile devices

Mobile device security must now be a priority for security teams, given the increased availability of sophisticated malware, the development of state-sponsored mobile malware, an notable number of iOS zero-day vulnerabilities, and a significant reliance on mobile social engineering. The most critical families of mobile malware continued to lean heavily towards Android surveillanceware.

Globally, the APAC region has the highest phishing encounter rates, followed by EMEA and North America.

In addition to phishing, apps, and malware, there are misconfigurations that can occur and open up the entire device to being taken over. This can range from simple device settings to advanced malware that gains root admin access to the device. Top device misconfigurations include out-of-date OS (29.5%), out-of-date Android Security Patch Levels (ASPL) (11.5%), no device lock (12%) and no encryption (3.3%)

“Targeting mobile devices as the gateway to corporate clouds has become the modus operandi of modern threat actors. Yet, mobile devices remain a common blind spot for organizations,” said David Richardson, VP of Product, Lookout. “To stay ahead of threats, organizations must prioritize mobile security as an integral part of their overall defense strategy.”