The US is the top target for cyber-attacks focusing on mobile devices and those connected by the Internet of Things (IoT) plus the operational technology (OT) systems than run facilities such as power plants.
According to cybersecurity firm Zscaler’s ThreatLabz 2024 Mobile, IoT, and OT Threat Report, mobile remains a top threat vector, with 111% growth in spyware and 29% growth in banking malware. Technology (18 percent), education (18 percent) and manufacturing (14 percent) continue to be the sectors most targeted by mobile malware. The education sector saw the most dramatic rise in blocked transactions, with a 136 percent increase on the previous year.
Anatsa, an Android banking malware that uses PDF and QR code readers, targeted over 650 financial institutions and users in Germany, Spain, Finland, South Korea, and Singapore. ThreatLabz also identified over 200 malicious apps in the Google Play Store, with more than eight million collective installs.
Manufacturing once again saw the highest volume of IoT malware attacks, representing 36 percent of all IoT malware blocks observed. Manufacturing is the sector most vulnerable to this type of attack as a result of its high number of IoT connected devices used for automation and process monitoring. From June 2023 to May 2024, ThreatLabz observed a 45% increase in IoT malware attacks. OT deployments can also involve thousands of connected devices spread across dozens of sites, creating a substantial attack surface for external threats.
US accounts for 81 percent of IoT cyber-attacks
The US remains the primary destination for IoT device traffic, accounting for 81 percent of all IoT cyberattacks. However, according to ThreatLabz, India is now the country most targeted by mobile malware, accounting for 28 percent of all attacks. The other four countries worst hit are the US, Canada, South Africa, and the Netherlands.
ThreatLabz recommends that organizations now adopt a zero trust architecture that enables secure remote access from any user device to any application, from any location.
“Cybercriminals are increasingly targeting legacy exposed assets which often act as a beachhead to IoT & OT environments…making it critical for CISOs and CIOs to prioritize an AI-powered zero trust solution to shut down attack vectors of all kinds,” says Zscaler Chief Security Officer, Deepen Desai.
