IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

161% surge in mobile phishing pushes energy industry to its limits

Following Colonial Pipeline, crooks get a taste for energy companies

Mobile phishing attacks on the energy industry have increased by a whopping 161% in the wake of the attack on the Colonial Pipeline company that caused a fuel shortage in parts of the US.

Mobile phishing is one of the easiest ways for an attacker to steal credentials and compromise an organization’s infrastructure, according to security researchers at Lookout. The researchers also found that the energy industry encounters mobile app threats at twice the rate of other industries at nearly 8%.

A report published alongside the blog post found 17.2% of all mobile cyber attacks globally target energy organizations, making the industry the biggest target of hacktivists, cyber criminals, and nation-state-sponsored attackers.

Phishing exposure rates in North America more than doubled over the past year, with a 134% increase. Organizations experienced an average of attack rate of 13.2% — or one of every nine employees — below the average of their regional peers. 

The data was based on telemetry from more than 200 million devices, 150 million apps, and Lookout Secure Web Gateway (SWG) detections.

The report found the attack surface of energy organizations is ever-increasing due to complex supply chain relationships and digital transformation initiatives, where organizations are shifting workloads to mobile devices and cloud applications. 

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

It added that such initiatives enable employees, partners, and third-party vendors to remain connected from anywhere. However, this ecosystem exposes energy organizations to significant cyber risks, where a single vulnerability could expose an entire supply chain, as seen with the SolarWinds and Microsoft Exchange attacks of 2020 and 2021.

Stephen Banda, senior manager of security solutions at Lookout and the report’s author, said 95% of threats come from risky apps and app vulnerabilities. Risky apps are those that ask for unnecessary permissions and have poor data handling practices. Vulnerabilities are flaws in apps attackers can exploit to compromise a device.

“Many security teams may glance over mobile apps as they believe the mobile ecosystem is secure. The reality is that any app in your mobile fleet can have significant security and compliance ramifications, whether it’s the permissions they request, the SDKs they use or the vulnerabilities they carry,” he said.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022