Routers remain the most targeted IoT devices, accounting for more than 75% of all attacks, according to the Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report.

Attackers exploit various router vulnerabilities to execute commands, propagate malware, and expand botnets, the report states. Additionally, it notes that “Netgear routers are an especially popular target.” Common exploitation methods include command injection and directory traversal techniques, which “often exploit unauthenticated remote code execution (RCE) vulnerabilities, such as CVE-2016-10174 and CVE-2018-10561 that allow threat actors to bypass authentication and execute scripts remotely.”

Top IoT threat findings include:

• The US is the top target for IoT attacks, with 54.1% of activity.
• Routers account for more than 75% of all attacks, which are mainly driven by command injection vulnerabilities.
• Manufacturing and transportation sectors together are the target of 40% of all IoT malware attacks.
• The majority of IoT malware is linked to the Mirai and Mozi malware families, with roughly 40% of blocked transactions linked to the Mirai family alone.

Mobile threats are also on the rise, with Android malware transactions increasing by 67% year-over-year. According to the report, this trend is “fueled by spyware and banking malware targeting trusted marketplaces and hybrid work environments.” For example, the ThreatLabz team identified 239 malicious Android applications, which were collectively downloaded 42 million times on the Google Play Store.

Read the complete report at Zscaler, Inc.