Covers threats and defenses specific to smartphones, tablets, and other portable devices. Articles explore mobile malware trends, app permissions management, operating system hardening, secure communication tools, and techniques to protect personal and corporate data on mobile platforms.
posts
Your Employees' Phones Are Under Siege In March 2024, MGM Resorts was still reeling from one of the most expensive social engineering attacks in corporate history — one that started with a phone call, not an email. That incident cost the company over $100 million. And it's not
In 2023, a single employee's compromised personal phone gave threat actors a foothold into MGM Resorts' corporate network. The resulting breach cost the company over $100 million. The attack didn't start with some sophisticated zero-day exploit — it started with a social engineering call to the
In 2023, Verizon's Data Breach Investigations Report found that 74% of all breaches involved the human element — and mobile devices have become the primary attack surface for exploiting that weakness. I've watched organizations spend six figures on perimeter defenses while their employees check corporate email on
In 2023, a single compromised employee phone at MGM Resorts International led to a social engineering attack that cost the company over $100 million in losses. The threat actors didn't hack a firewall or exploit a zero-day. They called the help desk. That incident is a masterclass in
The Personal Phone That Took Down a Hospital Network In 2023, a nurse at a regional hospital plugged her personal phone into a workstation USB port to charge it. That phone carried malware picked up from a third-party app store. Within 72 hours, ransomware had encrypted patient records across three
The Text Message That Cost One Company $40 Million In 2024, a sophisticated smishing campaign targeted employees at several major financial institutions. Threat actors sent SMS messages impersonating IT support, directing staff to fake login portals that harvested credentials and multi-factor authentication tokens. The attackers then used those stolen credentials
In January 2023, T-Mobile disclosed that a threat actor had stolen data on 37 million customer accounts — and the intrusion reportedly exploited an API accessible from systems that included employee-used devices. It wasn't a sophisticated zero-day. It was a gap in how endpoints and access were managed. If
A Single Employee's Phone Just Cost This Company Everything In August 2021, T-Mobile confirmed a massive data breach affecting over 50 million people. While the full attack chain was complex, the reality is that personal devices connecting to corporate environments create attack surfaces that most IT teams drastically
In April 2021, the FBI's IC3 reported that losses from internet crime topped $4.2 billion in 2020 — and a growing share of those incidents started on a mobile device. Not a server. Not a laptop in a locked office. A phone sitting in someone's pocket
Your Employees' Phones Are the Weakest Link Right Now In September 2021, Lookout reported that mobile phishing attacks had surged 161% since 2020. That's not a typo. The device your employees carry everywhere — the one they check 96 times a day — has become the primary attack surface
