Mobile malware certainly exists – especially on the Android platform – but hasn’t yet risen to the same scale of traditional desktop malware. In part, we believe this is due to mobile devices being designed with a secure mechanism (e.g., secure boot) from the start, making it much more difficult to create “zero-touch” threats that don’t require victim interaction. However, serious remote vulnerabilities have existed against these devices, though harder to find.

Meanwhile, mobile devices present a very enticing target to state-sponsored cyber teams due to both the devices’ capabilities and information contained in them. As a result, groups selling to state-sponsored organizations are mostly responsible for funding much of the sophisticated threats and vulnerabilities targeting mobile devices, such as the recent Pegasus mobile spyware. Unfortunately, like in the case of Stuxnet, when these more sophisticated threats leak, criminal organizations learn from them and copy the attack techniques.

Next year, we believe we will see an increase in sophisticated cybercriminal mobile attacks due to the state-sponsored mobile attacks that have started to come to light.

See more of WatchGuard's 2022 Cybersecurity Predictions here:
https://www.watchguard.com/wgrd-resource-center/cyber-security-predictions