Zscaler 2024 Report: Mobile, IoT, and OT Cyberattacks Surge — Zero Trust Security Is Now Critical

In a significant development for global cybersecurity, a new report from Zscaler’s ThreatLabz division has documented substantial increases in malicious activity targeting mobile devices, Internet of Things (IoT) systems, and Operational Technology (OT) infrastructure during the period from June 2023 to May 2024. The findings underscore a growing threat landscape where financially motivated attacks are becoming increasingly prevalent and sophisticated.

According to the Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report, researchers observed a 111% growth in spyware incidents and a 29% increase in banking malware attacks on mobile platforms. Simultaneously, IoT malware activity rose by 45% over the same timeframe. These figures highlight a clear upward trajectory in cyber threats affecting critical consumer and industrial systems.

The report, which draws on telemetry from Zscaler’s global security cloud, identifies several key trends shaping the current threat environment. Financially motivated malware remains a dominant concern, with threat actors increasingly deploying spyware and banking trojans to steal sensitive data and financial credentials from mobile users. In the IoT and OT sectors, attackers are exploiting vulnerabilities in connected devices to gain unauthorized access to networks, potentially disrupting essential services.

Among the specific threats highlighted in the analysis are Anatsa banking malware, which has been active in targeting Android users through malicious applications distributed via unofficial channels, and the Volt Typhoon campaign, noted for its focus on compromising OT systems in critical infrastructure sectors. The report also includes an examination of large-scale OT deployments, revealing how security gaps in industrial control systems can be exploited at scale.

Understanding the Threat Landscape

The convergence of mobile, IoT, and OT environments has created expanded attack surfaces that cybercriminals are actively exploiting. Mobile devices, now integral to both personal and professional workflows, serve as prime targets for spyware designed to monitor communications, track location, and harvest authentication data. Banking malware, meanwhile, often masquerades as legitimate financial applications to trick users into divulging login credentials or initiating fraudulent transactions.


In the IoT domain, the proliferation of inadequately secured smart devices—ranging from home appliances to industrial sensors—has provided attackers with numerous entry points into networks. Once compromised, these devices can be used to launch distributed denial-of-service (DDoS) attacks, serve as pivot points for lateral movement, or exfiltrate sensitive operational data. OT systems, which manage physical processes in manufacturing, energy, and transportation, face risks that extend beyond data loss to include potential disruption of essential services or physical damage.

Zscaler’s analysis emphasizes that many of these attacks succeed due to insufficient network segmentation, outdated firmware, and the absence of zero-trust security principles. The report advocates for a shift away from traditional perimeter-based defenses toward models that verify every access request regardless of origin, thereby limiting the blast radius of potential breaches.

Key Findings and Observations

One of the report’s notable observations is the geographic distribution of threats, with certain regions experiencing higher concentrations of specific attack types. While the document does not provide a granular breakdown by country in its public summary, it indicates that threat activity is not uniformly distributed and often correlates with economic targets and digital adoption rates.


The analysis also highlights the evolving tactics of threat actors, including the use of legitimate cloud services for command-and-control infrastructure and the increasing use of living-off-the-land binaries (LOLBAS) to evade detection. These techniques allow attackers to blend in with normal network traffic, making identification and response more challenging for security teams.

For organizations managing OT environments, the report stresses the importance of understanding the unique protocols and legacy systems involved. Unlike traditional IT networks, OT systems often rely on specialized communication protocols and may include equipment with decades-long lifespans that cannot be easily patched or replaced. This necessitates tailored security strategies that balance operational continuity with risk mitigation.

Recommendations and Best Practices

In response to the rising threat levels, Zscaler’s ThreatLabz outlines several actionable recommendations for strengthening defenses across mobile, IoT, and OT domains. Central to these is the implementation of zero-trust architecture, which assumes no implicit trust based on network location and instead requires continuous verification of user identity, device health, and access intent.


Specific measures include enforcing strict access controls based on the principle of least privilege, deploying mobile threat defense solutions capable of detecting spyware and banking trojans, and implementing comprehensive IoT device discovery and monitoring. For OT environments, the report recommends network segmentation to isolate critical control systems, regular vulnerability assessments tailored to industrial protocols, and enhanced monitoring for anomalous behavior indicative of compromise.

The document also encourages organizations to prioritize employee awareness training, particularly around phishing and social engineering tactics that often serve as initial infection vectors for mobile malware. Maintaining up-to-date inventories of all connected devices—including shadow IT and personal devices used for work—is described as foundational to effective risk management.
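As an added illustration of the segmentation and inventory recommendations above (example code written for this article, not Zscaler's tooling or anything from the report), the script below audits constructed flow records against a device inventory and an explicit allow-list of cross-zone flows. Every address, device name, zone and flow line is constructed; the point is to show how an IoT device reaching into an OT control segment, or a device missing from inventory (shadow IT), surfaces as a finding.

```python
"""Segmentation and inventory check over constructed flow records.

Added example, not code from the Zscaler report. Zones, inventory,
allowed flows and the sample flow lines are all constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed zone map: network -> zone name.
ZONES = {
    ip_network("10.10.0.0/24"): "corp-it",
    ip_network("10.20.0.0/24"): "iot",
    ip_network("10.30.0.0/24"): "ot-control",
    ip_network("10.40.0.0/24"): "ot-dmz",
}

# Constructed device inventory. Anything not listed here is treated as
# unknown (shadow IT or an unapproved personal device).
INVENTORY = {
    "10.10.0.5": "analyst-laptop",
    "10.20.0.7": "lobby-camera",
    "10.30.0.10": "plc-line1",
    "10.40.0.2": "historian",
}

# Constructed allow-list of cross-zone flows: (src_zone, dst_zone, dst_port).
# Only the DMZ historian may speak Modbus/TCP (502) into the control zone;
# corporate IT reaches the DMZ over 443 only.
ALLOWED_FLOWS = {
    ("corp-it", "ot-dmz", 443),
    ("ot-dmz", "ot-control", 502),
}


@dataclass
class Finding:
    src: str
    dst: str
    dport: int
    src_zone: str
    dst_zone: str
    verdict: str                      # "allow" or "deny"
    reasons: list[str] = field(default_factory=list)


def zone_of(ip: str) -> str:
    """Map an address to its zone, or 'unzoned' if no segment claims it."""
    addr = ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return "unzoned"


def parse_flow(line: str) -> tuple[str, str, str, int, str]:
    """Parse a constructed record: '<timestamp> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return ts, src, dst, int(dport), proto


def evaluate_flow(line: str) -> Finding:
    """Deny a flow if either endpoint is not inventoried or the zone pair
    and port are not on the cross-zone allow-list. Flows inside one zone
    are passed through here; a stricter policy would check those too."""
    _ts, src, dst, dport, _proto = parse_flow(line)
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    reasons: list[str] = []
    if src not in INVENTORY:
        reasons.append(f"source {src} is not in the device inventory")
    if dst not in INVENTORY:
        reasons.append(f"destination {dst} is not in the device inventory")
    if src_zone != dst_zone and (src_zone, dst_zone, dport) not in ALLOWED_FLOWS:
        reasons.append(f"{src_zone}->{dst_zone}:{dport} is not an approved cross-segment flow")
    verdict = "deny" if reasons else "allow"
    return Finding(src, dst, dport, src_zone, dst_zone, verdict, reasons)


def audit(lines) -> list[Finding]:
    """Evaluate every non-empty, non-comment record."""
    return [evaluate_flow(l) for l in lines if l.strip() and not l.lstrip().startswith("#")]


# Constructed sample records (timestamp src dst dport proto).
SAMPLE_FLOWS = """\
2024-05-01T10:00:00Z 10.10.0.5 10.40.0.2 443 tcp
2024-05-01T10:00:05Z 10.20.0.7 10.30.0.10 502 tcp
2024-05-01T10:00:09Z 10.40.0.2 10.30.0.10 502 tcp
2024-05-01T10:00:14Z 10.10.0.99 10.40.0.2 443 tcp
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS.splitlines()):
        print(f"{f.verdict:5} {f.src}({f.src_zone}) -> {f.dst}({f.dst_zone}):{f.dport} {'; '.join(f.reasons)}")
```

Run stand-alone, the second record (the lobby camera opening Modbus to the line PLC) and the fourth (an uninventoried host in the corporate range) are denied, while the historian's approved Modbus session and the analyst's HTTPS to the DMZ are allowed. In practice the inventory and allow-list would be generated from the asset-discovery and segmentation tooling the report recommends rather than hand-written.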

Industry Context and Broader Implications

The trends identified in the Zscaler report align with broader observations from other cybersecurity authorities regarding the increasing professionalization of cybercrime and the growing focus on targets that offer both financial reward and operational disruption potential. As more critical infrastructure becomes digitized and connected, the line between IT and OT threats continues to blur, requiring coordinated defenses across traditionally siloed teams.


Industries such as healthcare, energy, transportation, and manufacturing are particularly exposed due to their reliance on interconnected systems where a breach in one domain can cascade into others. For example, a compromised IoT device in a hospital setting could potentially affect patient monitoring systems, while an attack on OT infrastructure in a power grid could lead to widespread service interruptions.

Looking ahead, the report includes a section on 2025 predictions, anticipating continued growth in AI-assisted attack techniques, further exploitation of supply chain relationships, and persistent targeting of authentication mechanisms. However, as with any forward-looking assessment, these projections are presented as analytical insights rather than guaranteed outcomes.

For readers seeking to explore the full dataset and methodology behind these findings, the complete Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report is available through the company’s official resources portal. Access to the full document typically requires registration with basic contact information, a common practice for industry threat intelligence publications.

As cyber threats continue to evolve in complexity and impact, staying informed through verified sources like the Zscaler ThreatLabz report remains essential for organizations aiming to strengthen their resilience. The data presented serves not only as a snapshot of current risks but also as a foundation for informed decision-making about where to allocate security investments and how to prioritize defensive initiatives.

We invite our readers to share their experiences and insights regarding mobile, IoT, and OT security challenges in the comments below. Have you encountered similar trends in your organization or personal use of connected devices? What strategies have proven most effective in your context? Your perspectives contribute to a deeper collective understanding of how to navigate this dynamic threat landscape.
