The internet has become an indispensable part of daily work, enabling greater flexibility, productivity, and communication. However, connecting to the internet introduces new challenges, particularly in terms of security. With cyber threats evolving constantly, organizations face the daunting task of protecting their users and network from a multitude of risks, including phishing websites, malware downloads, and access to sites that violate acceptable use policies.

In February 2024, Lookout discovered an advanced phishing kit targeting the Federal Communications Commission (FCC), along with several cryptocurrency platforms. While most people think of email as the realm of phishing attacks, this threat actor — known as CryptoChameleon — used the phishing kit to build a carbon copies of single sign-on (SSO) pages, then used a combination of email, SMS, and voice phishing to target mobile device users.

At Lookout, we’re no stranger to all the app risks, phishing attempts, and vulnerabilities that make mobile devices such appealing targets. Over the years, our researchers have identified 1500 threat families and have exposed some of the most sophisticated threats ever found, including Pegaussu, Dark Caracal, and — most recently — CryptoChameleon.

In cybersecurity, change is a given. Technology is constantly evolving, and attackers are always updating their tactics. If you want your organization to remain secure in this ever-changing environment, it’s not enough to keep up with the trends — you need to be one step ahead.

In today's world, data is the lifeblood of every organization. From intellectual property to employee and customer data to competitive intelligence and more — if your data is stolen, it's your reputation, money, and business on the line. But the way we store and interact with data has changed over the years. It's no longer located inside a perimeter, on networks and devices your organization has total control over.

It's been two decades since the introduction of virtual private networks (VPNs), and they are still the go-to solution for many organizations that need to connect remote users to company resources. But while VPN technology remained relatively static — grounded on the principle that your resources are primarily located on a corporate network — remote work requirements have changed dramatically.

Your data has left the premises. While virtual private networks (VPNs) used to be the go-to solution for extending access to private apps to remote users, they aren't a sufficient solution for securing a hybrid workforce. Because they place so much trust in users and devices, they end up granting overly permissive access to everything inside the perimeter, putting your data at risk.

These days, mobile devices are integral to the way we work, and many employees spend their days switching between their phones and their computers. While most organizations have a robust cybersecurity strategy in place to protect their laptops and corporate networks, mobile devices are often left underprotected. And that’s a big problem because mobile devices are frequently faced with risks like phishing attacks and operating system vulnerabilities.

‍ When organizations were forced to shift to remote work during the pandemic, they needed a quick-fix solution that would enable their remote employees to securely access work resources. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app security use cases. While VPNs can provide remote access, it may come as a surprise that they fall short when it comes to security.

SaaS applications like Microsoft 365, Google Workspace, and Salesforce are now a ubiquitous part of business. With so much corporate data now residing in the cloud, a perimeter-based approach to security doesn’t cut it. To enforce cloud data protection policies across SaaS apps, a cloud access security broker (CASB) has become a necessity.