Mobile, IoT and OT cyber threats increase in 2024

by

A new one report from cloud security company Zscaler sheds light on the growing mobile threats on Android operating systems, as well as IoT and OT devices. The findings come as more than 60% of global internet traffic is now generated through mobile devices and financially oriented mobile threats have grown by 111% in the past year.

A list of mobile malware threats

Zscaler’s ThreatLabz saw a 29% increase in mobile banking malware over the previous year, with banking malware representing 20% ​​of the total Android threat landscape.

The most active banking malware families so far include:

  • Vulturewhich is mainly distributed through the Google Play Store.
  • Hydraspread via phishing messages, websites and malicious Google Play Store apps.
  • Ermacdesigned to steal financial data from banking and wallet apps.
  • Anatsaalso known as TeaBot
  • Copperalso known as Octo
  • Nexusmainly targeting cryptocurrency accounts

Most of these banking malware record keystrokes, hack credentials and intercept SMS messages to bypass Multi-Factor Authentication.

SEE: How to Create an Effective Cybersecurity Awareness Program (TechRepublic Premium)

Spyware threats rise by more than 100%

In addition to banking malware, spyware threats have also grown, with researchers indicating that blocked transactions have increased by 100% over the previous year.

The most common spyware reported are SpyLoan, SpinOk and SpyNote.

  • SpyLoan has the ability to steal personal data from devices, such as accounts, device information, call logs, installed apps, calendar events, metadata, and more.
  • Spin Ok spyware collects sensitive data and files from various locations on the infected device and exfiltrates the data to an attacker-controlled server.
  • SpyNotealso known as CypherRat, provides additional remote access capabilities so that the attacker can control the execution of software on the mobile device.

According to Zscaler, the most mobile malware targeted India (28%), the US (27%) and Canada (15%), followed by South Africa (6%), the Netherlands (5%), Mexico (4%), Nigeria (3%), Brazil (3%), Singapore (3%) and the Philippines (2%).

Top 10 countries targeted by mobile malware.
Top 10 countries targeted by mobile malware. Image: Zscaler

Sectors affected include technology (18%), education (18%), manufacturing (14%), retail and wholesale (12%) and services (7%).

Most targeted sectors.
Most targeted sectors. Image: Zscaler

Mobile malware is distributed via various methods. One method consists of using social engineering techniques. As an example, Zscaler reports that attackers deployed the Copybara mobile malware using voice phishing (vishing) attacks, where the victim received voice instructions to install the malware on their Android phones.

QR code scams are also common, where victims are tricked into scanning malicious QR codes that lead to malware infections or, in some cases, to phishing pages.

Some malware is also available in the Google Play Store. These include Joker – which silently subscribes users to premium services without their consent to generate charges – followed by adware-malware type and facestealer, a Facebook account stealer.

Most common malware families in the Google Play Store.
Most common malware families in the Google Play Store. Image: Zscaler

Overall, despite an overall decline in Android attacks, financially oriented mobile threats have grown by 111% in the past year.

IoT and OT threats

Internet of Things and Operational Technology environments continue to grow and are increasingly targeted by attackers, according to the report. The researchers indicate that the number of IoT devices working with it has grown by 37% year-on-year.

IoT malware attacks have grown by 45% in the past year, with routers being the most targeted type of device, with more than 66% of attacks targeting these devices. The leading malware families hitting IoT devices are Mirai (36.3%) and Gafgyt (21.2%). Botnets built with this malware on IoT devices can be used to launch large Distributed Denial of Service attacks.

IoT devices most targeted by malware attacks.
IoT devices most targeted by malware attacks. Image: Zscaler

In terms of geographic distribution, more than 81% of IoT malware attacks targeted the US, followed by Singapore (5.3%), the United Kingdom (2.8%), Germany (2.7%), Canada (2%) and Switzerland (1.6%).

Most targeted countries - IoT malware attacks.
Most Targeted Countries – IoT Malware Attacks. Image: Zscaler

Top sectors affected by IoT malware attacks are manufacturing (36.9%), transportation (14.2%), food, beverage and tobacco (11.1%).

On the OT side, 50% of devices in many deployments are running legacy end-of-life operating systems. Protocols prone to various vulnerabilities are also often exposed in OT environments, such as SMB or WMI.

As an example, ThreatLabz analyzed the OT content of a large-scale manufacturing organization, consisting of more than 17,000 connected OT devices across more than 40 different locations. Each site contained more than 500 OT devices with end-of-life Microsoft Windows operating systems, many of which had known vulnerabilities.

67% of global traffic to the OT devices was unauthorized or blocked.

Risky internal traffic protocols in a manufacturing OT environment.
Risky internal traffic protocols in a manufacturing OT environment. Image: Zscaler

What will the future look like?

According to Zscaler, IoT and OT devices will remain primary threat vectors, while the manufacturing sector will remain a top target for IoT attacks, including ransomware.

Zscaler also suspects artificial intelligence will increasingly be used to deliver high-quality phishing campaigns targeting mobile users. However, AI will also help defenders automate critical functions and better prioritize their efforts.

How to protect IoT and OT devices from cyber attacks

To protect against threats on IoT and OT devices, it is necessary to:

  • Gaining visibility on IoT and OT devices is a priority. Organizations must discover, classify and maintain lists of all IoT and OT devices used in their entire environment.
  • Keep all systems and software up to date and patched to prevent it from being compromised by common vulnerabilities.
  • Network logs must be collected and analyzed. Access to suspicious user accounts and system events should be monitored in particular.
  • Multi-factor authentication should be deployed whenever possibleand default passwords and accounts should be changed or disabled.
  • Zero-Trust device segmentation must be enforced for IoT and OT assets minimize data exposure.

How to protect mobile devices from cyber attacks

To protect against threats on mobile devices, it is important to:

  • Install security applications on the devices to protect them from malware and possible phishing attempts.
  • Any link that arrives on the mobile phone, regardless of the application, should be scrutinized carefully. In case of suspicious link, it should not be clicked and reported to IT security personnel.
  • Unknown applications should be avoided. Also, apps should never be downloaded from third parties or untrusted sources.

Companies should also be wary of apps that request updates immediately after installation. An app downloaded from the Play Store must be the latest version. If a program requests permission to update immediately after installation, it should be treated as suspicious and may indicate malware attempting to download additional malicious components.

Disclosure: I work for Trend Micro, but the opinions expressed in this article are my own.

+++++++++++++++++++
Ready to Sell
AISKILLSOURCE.COM

Leave a Comment

© 2025 - beewire.org

Privacy Policy

Terms

Contact