The latest Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report reveals a 67% increase in Android malware incidents and a significant shift in IoT attack patterns, particularly targeting critical infrastructure in sectors such as energy and manufacturing.
The report indicates that the energy sector has witnessed an astonishing 387% rise in attacks compared to the previous year.
“Attackers are pivoting to areas with maximum impact. We’re seeing a year-over-year rise of 67% in malware targeting mobile devices and 387% in IoT/OT attacks on energy sectors, which host critical infrastructure,” remarked Deepen Desai, EVP and chief security officer at Zscaler.
This escalation signals an urgent need for enhanced security measures among industry leaders.
India has emerged as the hottest target for mobile attacks, accounting for 26% of global activity. Following closely are the United States and Canada, with 15% and 14% respectively. The report revealed a 38% increase in mobile threat attacks in India alone, highlighting the region’s vulnerability. “The concentration of mobile attacks in countries like India underscores a global trend that security leaders need to address urgently,” Desai added.
For IoT, the United States stands out as both a hub for IoT activities and the primary target, receiving 54% of the malware traffic. The report notes that 40% of blocked transactions were linked to the Mirai malware family, with Mozi overtaking Gafgyt as the second most prevalent IoT threat. Manufacturing and transportation sectors remain prime targets, collectively accounting for over 40% of total IoT incidents.
Furthermore, the report sheds light on a new backdoor called Android Void malware, infecting 1.6 million Android-based TV boxes, primarily in India and Brazil. Similarly, threats like the Xnotice Remote Access Trojan (RAT), which targets job seekers in the oil and gas industry, illustrate the ongoing evolution of cyber threats.
To effectively mitigate these risks, Zscaler advocates for a Zero Trust approach coupled with AI-powered threat detection. “A Zero Trust everywhere approach is imperative to reducing the attack surface and providing organisations with the defence they need against ever-evolving attacks,” Desai asserted.
In the face of rising threats, security leaders in Asia must emphasise enhanced protection for critical infrastructure while ensuring robust operational frameworks to defend against increasing vulnerabilities.
Tags: Android trojanIoT malwareZscaler
