Zscaler, Inc. recently unveiled its 2024 Mobile, IoT, and OT Threat Report. The report reveals an alarming surge in cyber threats targeting mobile, IoT, and OT systems.
The findings, covering data from June 2023 through May 2024, highlight critical security gaps as cybercriminals exploit vulnerabilities in everyday devices and essential systems.
The Zscaler ThreatLabz report highlights an immediate necessity for companies to reassess their cybersecurity approaches. Cyberattacks increasingly target connected devices across various industries, threatening operational continuity and data integrity.
The shift toward hybrid work and interconnected systems means businesses must consider new security frameworks. Traditional defenses, the report indicates, are no longer enough to counter modern cyber threats.
ThreatLabz discovered over 200 malicious applications in the Google Play Store, collectively downloaded more than 8 million times. These apps expose millions of mobile devices to potential malware, compromising personal and business data.
Such malware often slips past detection, making mobile ecosystems increasingly vulnerable.
In IoT, Zscaler observed a 45% spike in malware attacks compared to the previous year. This rise in IoT botnets aligns with the growing adoption of connected devices in enterprise environments. Cybercriminals exploit these devices to establish entry points from which they launch broader attacks within corporate networks.
Financially motivated attacks remain a top concern, with significant increases in banking malware and spyware. Banking malware attacks rose by 29%, while spyware attacks skyrocketed by 111%.
Cybercriminals deploy these tactics to steal personal information or extort money from victims. The stolen data often circulates within cybercriminal networks, further fueling future attacks.
The Anatsa banking malware stands out as particularly dangerous. Anatsa targets Android devices, using sophisticated methods such as posing as PDF and QR code reader apps to infiltrate user systems.
It has infected users in countries like Germany, Spain, Finland, South Korea, and Singapore, posing a significant threat to financial institutions in these regions.
Cybercriminals are also targeting specific industries more aggressively. The technology, education, and manufacturing sectors saw the highest incidence of mobile malware attacks.
These sectors constitute a large portion of the mobile malware transactions blocked on the Zscaler platform. The education sector, in particular, witnessed a dramatic 136% increase in blocked transactions compared to last year.
The manufacturing sector has experienced the highest volume of IoT malware attacks for the second consecutive year. Manufacturing organizations heavily rely on IoT for process monitoring, automation, and supply chain management, making them vulnerable.
With 36% of all IoT malware attacks, this industry exemplifies how connected devices can create significant security risks.
On a global scale, the United States remains the primary target for IoT-based cyberattacks. The country accounts for 81% of global IoT traffic, attracting substantial attention from threat actors.
Other high-traffic regions include Japan, China, Singapore, and Germany, underscoring the broad reach of these cyber threats.
Mobile malware activity surged in several countries, with India emerging as the most targeted country. Other heavily affected nations include the United States, Canada, South Africa, and the Netherlands. This global distribution highlights how cybercriminals target mobile devices worldwide without regard to regional boundaries.
Zscaler’s report also spotlights vulnerabilities in OT systems, particularly those using legacy or end-of-life technology. OT systems were once air-gapped and isolated from the internet, providing a natural layer of security.
However, as businesses integrate OT into enterprise networks, these systems have become highly susceptible to cyberattacks.
Legacy OT systems often lack updates or patches, exposing them to zero-day vulnerabilities. Cybercriminals exploit these vulnerabilities to infiltrate corporate networks, frequently spreading undetected.
The attack surface grows as OT systems become interconnected, making lateral movement across networks easier for attackers.
The report emphasizes the importance of adopting a zero-trust security model to mitigate these risks. Unlike traditional approaches that defend the network perimeter, zero-trust assumes that all network traffic is potentially hostile. This model limits access, helping organizations restrict unauthorized movement within networks.
Today’s hybrid work environments add complexity to securing connected devices. Employees access business systems from personal devices, often on unsecured networks.
According to Zscaler, zero-trust frameworks provide seamless yet secure access to applications across cloud, on-premises, and data center environments.
Zscaler’s Zero Trust Exchange platform supports organizations in this transition, particularly for IoT and OT deployments. This solution prevents device compromise and minimizes lateral movement within corporate networks.
With secure remote access to OT systems, businesses can avoid VPN connections that increase vulnerability.
Zscaler’s Chief Security Officer, Deepen Desai, underscores the need for zero trust, particularly with rising mobile malware and AI-driven vishing attacks.
These threats highlight the critical need for CISOs and CIOs to adopt an AI-powered zero-trust approach that shuts down attack vectors and protects against a wide range of cyber threats.
The report also reveals a significant shift in the threat landscape for mobile and IoT devices as financially motivated attackers grow more sophisticated. These attackers gain substantial monetary rewards through extortion and selling stolen information.
The findings reveal how profitable cybercrime has become, with threat actors increasingly leveraging stolen data for future attacks.
Organizations in high-risk sectors, such as technology, education, and manufacturing, face unique challenges. Due to their reliance on IoT devices, these industries represent a large portion of attack targets.
For instance, IoT-driven manufacturing operations rely on connected devices for real-time process monitoring, increasing their exposure.
While certain countries, such as the U.S. and India, are targeted most heavily, the threats are global. Organizations worldwide must strengthen their defenses, especially given the growth of hybrid work and remote access.
Zscaler’s report provides a clear roadmap, urging businesses to implement a zero-trust architecture to safeguard mobile, IoT, and OT endpoints.
In OT systems, the stakes are incredibly high. Legacy systems were not built for today’s interconnected environments, leaving significant security gaps.
As these systems integrate with enterprise networks, organizations must secure them against modern threats. The increasing lateral movement within OT environments amplifies the impact of any breach.
With a zero-trust approach, organizations gain better control over network access. This model limits attackers’ ability to move freely, helping contain potential breaches. For hybrid environments, zero-trust also provides seamless access without compromising security.
Zscaler’s 2024 Threat Report illustrates the urgent need for modern, adaptable cybersecurity strategies. Businesses must address vulnerabilities across mobile, IoT, and OT systems, which form the backbone of today’s digital economy.
The report suggests that zero trust is practical and necessary to secure organizations in a rapidly evolving cyber landscape.
Organizations can download the full report to explore in-depth findings and recommended security practices. Reinforcing cybersecurity frameworks has never been more crucial in an increasingly digital world.
As threat actors grow more sophisticated, the zero-trust approach offers a vital line of defense.