Highlights Urgent Need for Stronger App Protections Amid Rising Cyberattacks
In a time when smart gadgets outnumber people, the Internet of Things (IoT) has emerged as a great enabler of connections across industries, from healthcare to manufacturing. However, the sudden integration of IoT devices has introduced severe security risks.
As the Zscaler ThreatLabz 2024 Mobile, IoT, & OT Threat Report shows, IoT app vulnerabilities are growing at an alarming rate, underscoring a critical demand for stronger protection. From June 2023 to May 2024, ThreatLabz documented a staggering 45% rise in IoT malware incidents, with a 111% increase in mobile spyware targeting Android.
Key industries, such as manufacturing, transportation, and food and beverage, are increasingly under siege. With over 50% of OT devices relying on outdated systems, these vulnerabilities stress the urgency for rigorous defense solutions.
Growing number of devices connected & integrated with broader environments
ThreatLabz reports that IoT and OT environments saw a 45% surge in malware incidents. Many IoT devices, which range from industrial machinery to medical devices, were once isolated from broader networks.
However, as connectivity grows, devices that were traditionally confined to specific environments are now being linked with IT infrastructure. While this integration enhances productivity, it also creates new gateways for attackers who exploit vulnerabilities in IoT security.
Manufacturing has become the most targeted industry, facing 36% of IoT malware. This rise reflects both the sector’s high level of dependence on IoT devices and the relative lack of proper protections in place.
For example, protocols like Modbus, which are used widely in industrial networks, have little to no built-in protection. Hackers can use these weaknesses to gain control and inject spyware or scripts that disable entire systems.
Mobile “gadgets” aren’t gadgets to criminals
With almost 97% of people accessing the Internet through mobile gadgets and over 59% of Internet traffic coming from mobile sources, the need for mobile app protections is obvious.
Android, which dominates the mobile market, has become a main target. The 111% rise in mobile spyware reveals the unrelenting creativity of threat actors, who often use tools like Hydra, Anatsa, and Vultur malware that target Android users through apps on platforms such as Google Play. These malicious apps collect sensitive data and financial credentials, with more than 200 fake apps spotted on Google Play alone, collectively accumulating nearly 8 million installs.
A key concern in IoT is that it often relies on outdated systems. In OT settings, more than half of all devices still run on legacy systems that lack modern security features. Such environments can include manufacturing equipment, water treatment plants, and even hospital equipment. Threat actors can sometimes compromise these old systems due to the high volume of known vulnerabilities, outdated encryption methods, and weak access controls.
This problem is made worse by a lack of internal segmentation. Many OT environments generate as much east-west (internal) network traffic as external traffic, yet most organizations focus on protecting only north-south (external) entry points. Without segmentation of east-west traffic, attackers can move freely within a network once they have gained access. The result is a high-risk environment where hackers may target multiple devices across a network to unleash ransomware or other payloads with devastating consequences.
As hackers exploit these vulnerabilities, the need to secure each device connection is undeniable. However, traditional protection protocols cannot always provide sufficient protection for IoT devices, which typically lack the processing power for advanced encryption. With IoT malware incidents on the rise, the demand for lightweight cryptographic solutions that don’t compromise device performance is higher than ever.
The push for zero trust
The shift from traditional security to a zero-trust approach is essential for IoT and OT environments as well as mobile apps. With zero trust, each connection is treated like a possible threat, requiring strong authentication and authorization for all interactions. This minimizes the risk of lateral movement within networks and shrinks the attack surface that threat actors can exploit.
Organizations increasingly adopt zero-trust segmentation for IoT and OT devices to prevent unauthorized access to critical systems. By enforcing segmentation on a per-device basis, companies can limit internal traffic to authorized devices, effectively containing any potential breach. Such measures are especially critical in sectors like transportation, manufacturing, and energy, where a single infected device can compromise the whole network.
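The per-device segmentation described above can be sketched as a default-deny check on east-west Modbus/TCP traffic. This is an added example, not code from the ThreatLabz report or any vendor product; the IP addresses, policy table, and sample frames are constructed for illustration. Because the Modbus header carries no credential field, the policy has to be enforced outside the protocol, per device pair and per function code.

```python
import struct
from dataclasses import dataclass

# Modbus function codes that change device state (public Modbus specification).
WRITE_CODES = {5, 6, 15, 16}

@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and function code of a Modbus/TCP request.
    Note what is absent: no user, token, or signature field exists to check."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, frame[7])

# Constructed per-device policy: (source, destination) -> allowed function codes.
POLICY = {
    ("10.10.1.5", "10.10.2.20"): {3, 4, 6, 16},  # HMI may read and write the PLC
    ("10.10.1.9", "10.10.2.20"): {3, 4},         # historian may only read
}

def decide(src: str, dst: str, frame: bytes) -> str:
    """Default-deny decision for one east-west Modbus flow."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError:
        return "deny: malformed"
    allowed = POLICY.get((src, dst))
    if allowed is None:
        return "deny: unknown device pair"
    if req.function_code not in allowed:
        kind = "write" if req.function_code in WRITE_CODES else "function"
        return f"deny: {kind} {req.function_code} not authorized"
    return "allow"

# Constructed sample frames: read holding registers (3), write single register (6).
READ_HOLDING = bytes.fromhex("000100000006010300000002")
WRITE_SINGLE = bytes.fromhex("00020000000601060001002a")
```

A device pair missing from the table is denied outright, so a compromised host elsewhere on the segment cannot reach the PLC even with a well-formed request.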
IoT threats are expected to grow as attackers adopt more advanced techniques, including AI-driven phishing and social engineering attacks. Many attacks are financially motivated, and sectors with high-value assets, such as technology and healthcare, will continue to be prime targets. Threat actors are likely to deploy increasingly sophisticated malware, such as Anatsa, to bypass multifactor authentication and use techniques like QR code-based distribution to spread rapidly.
The rise in IoT malware, spyware, and mobile attacks demonstrates a pressing need for more rigorous IoT app protections. With connected devices at the center of critical information and industries, companies can’t afford to leave IoT systems vulnerable. Implementing zero trust, device segmentation, and constant monitoring will be essential across these environments and for each device. As IoT technology advances, so must the proactive protections around it.