Dive Brief:
- Energy, healthcare, government and transportation saw the biggest surges in cyberattacks targeting Android devices between June 2024 and May 2025, the security firm Zscaler said in a report published on Wednesday.
- Agriculture, IT and education saw some of the biggest drops in attacks on Android devices, according to the report.
- Manufacturing, which also saw a significant increase in 2025, accounted for 26% of all cyberattacks on Android devices that Zscaler tracked.
Dive Insight:
The escalating volume of cyberattacks on Android devices in sectors such as manufacturing (up 111% over last year), healthcare (up 224%) and energy (up 387%) reflects the fact that mobile devices are proliferating — and creating new operational disruption risks — in those industries.
The manufacturing, energy and retail sectors in particular represent “high stakes environments where successful attacks could yield substantial returns for cybercriminals,” Zscaler said in its report.
Analyzing the spikes in energy and healthcare, Zscaler observed that “the interconnectedness of these sectors, coupled with their vital role in daily life and national security, makes them prime targets for sophisticated cyber campaigns designed to maximize impact and financial gain.”
In addition to analyzing threats on its customers’ mobile phones, Zscaler collected data from customers’ internet of things devices between June 2024 and May 2025. Manufacturing, finance, healthcare and education topped the list of sectors with the most IoT devices, suggesting massive attack surfaces ripe for intrusions.
The manufacturing sector is “uniquely vulnerable” to attacks on IoT devices, Zscaler said, because many of them interconnect with operational technology, creating some of the most serious and widespread disruption risks facing any sector. Attackers are also motivated to target manufacturers, researchers wrote, because of their “critical role within global supply chains” and the potential for downtime to “disrupt entire economies.”
The energy sector has become another top target for IoT malware. Zscaler charted a 459% year-over-year increase in the amount of activity targeting electric utilities, oil and gas firms and other members of the sector. The proliferation of digitized industrial equipment and automated monitoring technology may be making companies more efficient, Zscaler said, but it has also “exposed vital infrastructure to attackers.”
Meanwhile, IoT malware activity targeting schools skyrocketed by 861% year over year, Zscaler said, a trend that the company attributed to classrooms’ accelerating embrace of smart devices. “With typically limited budgets for cybersecurity and expansive networks of devices,” Zscaler said, “educational institutions face challenges in securing their increasingly interconnected infrastructure, making them prime targets for exploitation.”
Other sectors that experienced significant year-over-year increases in IoT malware activity included transportation (382%), government (370%), and construction (410%).
The United States experienced 54% of the IoT attacks that Zscaler observed, with Hong Kong (15%) and Germany (7%) ranking second and third.
To defend against attacks on IoT devices, companies should rigorously monitor remote access platforms, maintain accurate asset inventories and segment their networks, Zscaler said. For mobile security, organizations should monitor user activity for suspicious behavior and enforce the same access restrictions as they do on computers.