Zscaler’s latest ThreatLabz report, The 2024 Mobile, IoT, and OT Threat Report, outlines critical security issues that developers should be aware of, covering trends from June 2023 to May 2024.

The report reveals significant vulnerabilities across mobile applications, IoT devices, and operational technology (OT) systems, emphasizing the urgent need for stronger security practices. Among the most concerning findings is the discovery of over 200 infected apps on the Play Store, with a collective download count exceeding eight million. This highlights the need for more rigorous security protocols in app development and stricter app store vetting.

Zscaler’s cloud platform recorded a 45% rise in blocked IoT malware transactions compared to the previous year, indicating a growing security threat that IoT developers must account for.

Zscaler’s Chief Security Officer, Deepen Desai, noted: “Cybercriminals are increasingly targeting exposed legacy assets, which often provide entry points to IoT and OT systems, leading to data breaches and ransomware attacks. The rise in mobile malware and AI-driven vishing attacks underscores the need for AI-powered, zero-trust solutions to close these security gaps.”

The fintech sector faces particular risks, with banking malware attacks up by 29% and spyware incidents increasing by 111% year-over-year. The report specifically points to Anatsa, a banking malware targeting over 650 financial institutions globally, with high activity in Germany, Spain, Finland, South Korea, and Singapore.

Mobile malware attacks are especially prevalent in the technology and education sectors, each accounting for 18% of all attacks, followed by manufacturing at 14%. Developers in these industries are advised to adopt comprehensive security measures to protect their applications.

In the IoT space, manufacturing remains the top target for malware attacks, making up 36% of all IoT malware blocks on Zscaler’s Zero Trust Exchange platform. This trend reflects the sector’s extensive reliance on IoT technology, highlighting the need for developers to incorporate robust security practices in industrial IoT solutions.

The report also addresses OT system vulnerabilities as these systems become more integrated within enterprise networks, expanding the attack surface and increasing the risk of lateral attacks. Developers focusing on OT solutions should prioritize security to safeguard against potential threats.

For developers, the report’s findings underscore the necessity of embedding security at every stage of development, whether building mobile applications, IoT devices, or OT systems.