There has been a significant increase in cyberattacks targeting Android mobile devices in critical infrastructure sectors in the past year, according to a new report from the cybersecurity firm Zscaler. The biggest increase was in the energy sector, which saw a 387% increase in mobile attacks, followed by healthcare (224%) and manufacturing (111%).
The Zscaler ThreatLabz team analyzed data collected from customers’ mobile and Internet of Things (IoT) devices between June 2024 and May 2025, the findings of which were published in Zscaler’s 2025 Mobile, IoT & OT Threat Report. “Mobile, IoT, and OT systems have become the backbone of business operations today, enabling innovation and powering critical infrastructure across industries,” explained Zscaler in the report. “Mobile devices now dominate global connectivity, while IoT and OT systems keep manufacturing, healthcare, transportation, and smart cities running.”
Attackers are taking advantage of the proliferation of mobile devices and the expanding web of connectivity. The increase in hybrid and remote working, along with bring-your-own-device policies, has been a contributory factor in the growth of attacks targeting mobile devices for initial access. In the year to May 2025, Android malware transactions increased by 67%, with 239 malicious Android applications downloaded 42 million times from the Google Play Store. Google has controls to prevent malicious applications from being uploaded to its Play Store, but the figures show that attackers are circumventing those controls and can easily infect mobile devices.
IoT devices have proliferated in sectors such as manufacturing and healthcare and have become foundational to operations, but these devices have drastically increased the attack surface and are an easy target for intrusions. IoT devices often have security weaknesses and contain vulnerabilities that can be targeted to breach corporate networks and disrupt operations, most commonly using malware families such as Mirai, Mozi, and Gafgyt for botnet expansion and malicious payload delivery.
The interconnectedness of critical infrastructure sectors such as energy and healthcare, combined with the critical role these sectors play in daily life and national security, makes them attractive targets for sophisticated cyber campaigns. In these sectors, there is low tolerance of downtime, and in healthcare, attackers can access valuable and highly sensitive healthcare data. Attackers are targeting these sectors with sophisticated attacks designed to maximize impact and financial gain.
Zscaler predicts that the coming year will see a continued increase in AI-driven exploits, including hyper-targeted phishing campaigns. AI-driven threats can be difficult to identify, and call for AI-driven defenses. IoT and OT ransomware attacks are likely to continue to increase, especially in industries such as manufacturing, energy, and healthcare.
Zscaler warns that attackers are likely to increasingly target mobile applications as supply chain attack vectors, especially third-party mobile app development pipelines to inject malicious code into widely trusted apps, which will require continuous analysis of app permissions and behavior. Industries such as healthcare that have seen a massive increase in attacks will need to ensure that they have a robust mobile device security strategy
One of the most important defenses against increasingly sophisticated threats is the implementation of zero-trust architectures, and Zscaler says it uis especially important to implement zero-trust frameworks for internet-facing devices such as routers and other edge devices.
The post Healthcare Sees 224% Annual Increase in Attacks Targeting Mobile Devices appeared first on The HIPAA Journal.
New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens
A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as completely routine CI build configuration updates. The campaign,
