Zscaler, Inc has released its 2024 Mobile, IoT, and OT Threat Report, revealing alarming trends in cyber threats from June 2023 to May 2024. The findings underscore the urgency for organisations to reevaluate and secure their mobile devices, IoT devices, and operational technology (OT) systems.

The report identifies over 200 malicious apps on the Google Play Store, which collectively have more than 8 million installs globally. Zscaler's cloud platform blocked 45% more IoT malware transactions compared to the previous year, highlighting the continued spread of botnets across IoT devices.

"Cybercriminals are increasingly targeting legacy exposed assets, often acting as gateways to IoT and OT environments, leading to data breaches and ransomware attacks," said Deepen Desai, Chief Security Officer at Zscaler. "Mobile malware and AI-driven vishing attacks are adding to this threat, making it crucial for organisations to adopt AI-powered zero trust solutions to shut down all potential attack vectors."

The report also highlights the financial motivation behind mobile malware, with cyberattacks becoming more profitable, particularly through extortion and the sale of stolen personal data. Singapore has emerged as the second most targeted country in the APJ region by mobile malware, following India. The rise in spyware in the region has surged by 77% year-on-year. Anatsa, a well-known Android banking malware, has affected over 650 financial institutions, specifically targeting users in countries like Singapore, Germany, Spain, Finland, and South Korea.

Singapore also ranks as the second most impacted country globally by IoT attacks, following the United States. It accounts for 5.3% of all IoT attacks globally. The report outlines the top countries most affected by IoT attacks: the United States (81.3%), Singapore (5.3%), the United Kingdom (2.8%), Germany (2.7%), and Canada (2%).

Industries most vulnerable to these threats include technology, education, and manufacturing. The education sector saw a significant 136% increase in blocked mobile malware transactions. Manufacturing, for the second consecutive year, experienced the highest volume of IoT malware attacks, accounting for 36% of all IoT malware blocks observed.

The report also draws attention to the growing risks associated with OT systems. Once isolated from the internet, OT and cyber-physical systems have become integrated into enterprise networks, creating a large attack surface for external threats. Zscaler highlights the need for organisations to secure their mobile endpoints, IoT devices, and OT systems to mitigate the risks of cyberattacks.

In response, Zscaler advocates for the adoption of zero trust architecture, enabling secure access from any device, location, and application. This approach reduces cyber risks while supporting hybrid work environments, remote access, and the use of IoT and OT connectivity.

The 2024 report underscores the critical need for organisations to enhance their security measures to protect against these evolving and pervasive cyber threats.