For enterprise leaders, the integration of mobile, IoT, and Operational Technology (OT) systems has become a double-edged sword. While these technologies form the backbone of business operations and drive innovation, they have also created a vast, interconnected, and vulnerable new attack surface.
A new report from Zscaler ThreatLabz, analysing over 500 trillion daily signals and 20 million mobile-related threats, concludes that threat actors are successfully exploiting this “expanding web of connectivity and interdependence”.
IoT and OT as prime targets
For COOs and CISOs in asset-heavy industries, the report’s IoT and OT findings are sobering. Malicious activity is now a high-volume reality.
The attack landscape is dominated by a few persistent malware families – Mirai, Mozi, and Gafgyt – which together account for roughly 75 percent of all malicious IoT payloads. Their primary targets are the gateways to the network. Routers remain the most targeted device type, accounting for over 75 percent of all attacks, as attackers exploit them for “botnet expansion and malware delivery”.
This focus on network hardware has a direct impact on the industrial sector. The manufacturing and transportation sectors are tied for the most-targeted industries, each accounting for 20.2 percent of all IoT malware attacks.
While these traditional OT sectors remain high-priority targets, the threat is spreading. The report documents explosive year-over-year growth in attacks against sectors adopting enterprise IoT systems, including:
- Arts, Media & Entertainment (1,862% increase)
- Education (861% increase)
- Finance & Insurance (702% increase)
- Energy, Utilities, and Oil & Gas (459% increase)
Making matters worse is the growing reliance on cellular-connected IoT. These devices, often deployed in remote or rugged environments, create a “shadow attack surface that is difficult to detect and defend” due to connectivity gaps and weak SIM protections.
The entry point: mobile devices and hybrid work
Beyond enterprise IoT and OT systems, threat actors are well aware that the easiest path into a secure operational environment is often through the corporate network, and the easiest path onto that network is via an employee’s mobile device.
The report notes a 67 percent year-over-year growth in Android malware transactions. This is directly linked to the realities of modern work. As hybrid models become permanent, “employees are splitting their time between home and office, often leaning heavily on their mobile devices for communication, productivity, and access to corporate resources”.
The widespread adoption of Bring Your Own Device (BYOD) policies, while flexible, expands the attack surface. As the report states, employee-owned devices “are often used to access sensitive corporate data, connect to enterprise networks, and utilise productivity applications, creating potential vulnerabilities”.
Attackers are targeting these devices through several key vectors. A primary method is infiltrating trusted marketplaces; the ‘Tools’ category on the Google Play Store is a frequent disguise for malware, with one report noting 239 malicious apps were downloaded 42 million times.
This is often paired with social engineering, such as “mishing” (SMS-based phishing), which uses urgent fake delivery or bank warnings to lure users to malicious sites.
Finally, the goal is often to gain control through permission abuse. Many malware families – like the Xnotice RAT – are designed to trick users into granting accessibility service permissions, which is described as “the most common way threat actors gain full control of infected devices”.
The industries targeted by mobile malware mirror those targeted on the OT front. Manufacturing (26.06%) and Energy, Utilities, Oil, & Gas (18.97%) are the top two sectors hit by mobile threats.
The surge in attacks against the Energy sector (up 387% year-over-year) and Healthcare (up 225%) shows a deliberate effort to compromise employees in organisations that manage essential infrastructure and sensitive data.
Strategies for securing enterprise IoT, mobile, and OT systems
The convergence of IoT, mobile, and OT threats requires a corresponding convergence in defence. The report’s findings champion a move away from perimeter-based security toward a zero-trust architecture.
For enterprise leaders, this translates into three immediate priorities:
- Discover and classify: The first step is complete visibility. Organisations must develop “a unified strategy to achieve complete visibility into your IoT and OT ecosystem, including the discovery and inventory of all devices—managed, unmanaged, and ‘shadow’ systems”. Without a full inventory, secure segmentation is impossible.
- Focus on network segmentation: The core principle of zero-trust is to assume a breach and prevent lateral movement. The report urges leaders to “implement advanced zero-trust network segmentation” and “isolate unmanaged OT systems into ‘networks of one’”. This ensures that even if a device is compromised, it cannot be used as a stepping stone to reach essential operational controls.
- Secure cellular connections: The “shadow attack surface” of cellular IoT must be brought into the light. This involves enhancing “security for cellular IoT devices” by securing SIM cards to “prevent unauthorised access to internal applications or abuse of unlimited data plans”.
Securing this interdependent ecosystem of IoT, mobile, and OT enterprise systems is no longer just a task for the CISO. It is a core business resilience issue that demands the attention of the full executive team.
See also: Samsung boosts manufacturing with digital twins, AI, and robotics
Want to learn more about IoT from industry leaders? Check out IoT Tech Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events including the Cyber Security Expo. Click here for more information.
IoT News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.