Zscaler highlights security trends challenging developers

Zscaler has released its annual ThreatLabz report, highlighting security challenges that should be on every developer’s radar.

The 2024 Mobile, IoT, and OT Threat Report – covering June 2023 to May 2024 – highlights critical vulnerabilities in mobile applications, IoT devices, and operational technology (OT) systems that demand immediate attention from the development community.

One of the most alarming findings is the discovery of over 200 infected applications in the Play Store, collectively amassing more than eight million downloads. This underscores the need for more robust security practices in mobile app development and more stringent vetting processes for app stores.

The report also notes a 45% increase in IoT malware transactions blocked by Zscaler’s cloud platform compared to the previous year, signalling a growing threat that IoT developers must address in their security strategies.

Deepen Desai, Chief Security Officer at Zscaler, said: “Cybercriminals are increasingly targeting legacy exposed assets which often act as a beachhead to IoT & OT environments, resulting in data breaches and ransomware attacks.

“Mobile malware and AI driven vishing attacks adds to that list making it critical for CISOs and CIOs to prioritise an AI powered zero-trust solution to shut down attack vectors of all kinds safeguarding against these attacks.”

For developers in the fintech sector, the report raises significant concerns. Banking malware attacks have risen by 29%, while spyware incidents have surged by 111% year-on-year. The report specifically highlights Anatsa, an Android banking malware that has targeted over 650 financial institutions, particularly in Germany, Spain, Finland, South Korea, and Singapore.

The technology and education sectors emerged as the most frequent targets of mobile malware, each accounting for 18% of attacks, followed closely by manufacturing at 14%. Developers working in these industries should be particularly vigilant, implementing robust security protocols in their applications.

In the IoT realm, the manufacturing sector continues to be the primary target of malware attacks for the second consecutive year, representing 36% of all IoT malware blocks observed on Zscaler’s Zero Trust Exchange platform. This prevalence is attributed to the sector’s extensive use of IoT applications across various processes, highlighting the need for developers to prioritise security in industrial IoT solutions.

The report also sheds light on the vulnerabilities of OT systems, which have increasingly become integrated into enterprise networks. This integration has expanded the attack surface, making these systems more susceptible to external threats and increasing the risk of lateral movement within networks. Developers working on OT systems need to be aware of these risks and design their solutions with security at the forefront.

For developers, the implications of this report are clear: security must be integrated from the ground up, whether you’re building mobile apps, IoT devices, or OT systems.

(Photo by Elena Mozhvilo)

See also: Entry points threaten multiple open-source ecosystems

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including BlockX, Digital Transformation Week, IoT Tech Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: cyber security, cybersecurity, hacking, infosec, internet of things, iot, malware, operational technology, ot, report, research, security, study, threatlabz, trends, zscaler