IoT & OT Cyberattacks Explode Across Energy and Manufacturing: Inside Zscaler’s 2025 Warning
Industrial Operations Under Siege
Cyberattacks targeting industrial operations are spiraling out of control.
According to the 2025 Zscaler ThreatLabz report, attacks on Internet of Things (IoT) and Operational Technology (OT) systems have skyrocketed — with the energy sector seeing a 387% surge, while manufacturing and transportation each face nearly one-fifth of all IoT attacks globally.
The findings paint a grim picture for critical infrastructure, where decades-old OT systems are now converging with connected IoT devices — opening a massive attack surface that cybercriminals are rapidly exploiting.
The 2025 IoT & OT Threat Landscape: Key Findings
The Zscaler ThreatLabz report reveals striking figures that every industrial cybersecurity leader should note:
| Sector | Share of IoT Attacks | YoY Growth |
|---|---|---|
| Energy | 25% | +387% |
| Manufacturing | 20.2% | +60% |
| Transportation | 20.2% | +54% |
| Healthcare | 10.4% | +32% |
| Others (Retail, Education, etc.) | 24.2% | — |
- 67% increase in Android malware activity, indicating expanding mobile-to-OT infiltration.
- 54% of all detected IoT attacks now target organizations in the United States, followed by India (14%), Brazil (8%), and Australia (5%).
- IoT botnets such as Mirai continue to dominate, targeting routers, cameras, and industrial control systems (ICS).
Why Industrial Operations Are Easy Targets
1. Legacy OT Meets Modern IoT
Most industrial networks were never designed with cybersecurity in mind.
While IoT devices rely on IP-based communication, OT systems often run on decades-old protocols such as Modbus and DNP3, which provide neither encryption nor authentication and give defenders little visibility into what is happening on the wire.
When these two environments connect, attackers can pivot easily from a single IoT sensor to an entire production line.
2. Weak Segmentation and Over-Connectivity
Zscaler found that many industrial organizations still lack proper network segmentation, allowing IoT devices to communicate freely across corporate and operational environments.
This flat network design makes it simple for intruders to move laterally once they breach a single device.
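The two points above (Modbus carries no authentication of its own, and a flat network lets any device reach a PLC) are why the access decision has to be made by the network, not the protocol. The following added example, which is not from the Zscaler report or any vendor product, shows a minimal zone policy applied to Modbus/TCP requests: it parses the MBAP header, distinguishes state-changing function codes from reads, and flags writes or any traffic to the PLC subnet from hosts outside the engineering zone. All addresses, the subnet, and the sample frames are constructed for illustration.

```python
import struct

# Modbus function codes that change controller state (coil/register writes).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}

# Constructed zone policy (hypothetical addresses): only the engineering
# workstation may write; it and the historian may read. Everything else,
# e.g. a camera on an IoT VLAN, must not reach the PLC subnet at all.
OT_PLC_SUBNET = "10.10.1."
ALLOWED_READERS = {"10.10.1.5", "10.10.1.6"}   # engineering ws, historian
ALLOWED_WRITERS = {"10.10.1.5"}                # engineering ws only


def parse_modbus_tcp(frame: bytes):
    """Return (transaction_id, unit_id, function_code) from a Modbus/TCP
    request, validating the 7-byte MBAP header; raise ValueError otherwise."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:                       # protocol identifier is always 0
        raise ValueError("not Modbus/TCP")
    if length != len(frame) - 6:         # length counts unit id + PDU
        raise ValueError("MBAP length field disagrees with frame size")
    return tid, unit, frame[7]


def classify(src_ip: str, dst_ip: str, frame: bytes) -> str:
    """Policy decision for one request destined for the OT PLC subnet."""
    try:
        _, _, fc = parse_modbus_tcp(frame)
    except ValueError:
        return "malformed"
    if not dst_ip.startswith(OT_PLC_SUBNET):
        return "allow"                   # outside this policy's scope
    if src_ip not in ALLOWED_READERS:
        return "block:unauthorized-source"
    if fc in WRITE_FUNCTIONS and src_ip not in ALLOWED_WRITERS:
        return "block:unauthorized-write"
    return "allow"


def build_request(tid: int, unit: int, fc: int, payload: bytes) -> bytes:
    """Build a Modbus/TCP request frame (used here to construct samples)."""
    body = bytes([unit, fc]) + payload
    return struct.pack(">HHH", tid, 0, len(body)) + body


# Constructed sample traffic: (source, destination, raw frame).
SAMPLE_TRAFFIC = [
    ("10.10.1.5", "10.10.1.20", build_request(1, 1, 3, b"\x00\x00\x00\x0a")),  # ws reads
    ("10.10.1.5", "10.10.1.20", build_request(2, 1, 6, b"\x00\x10\x00\x01")),  # ws writes
    ("10.10.1.6", "10.10.1.20", build_request(3, 1, 6, b"\x00\x10\x00\x01")),  # historian writes
    ("192.168.50.7", "10.10.1.20", build_request(4, 1, 3, b"\x00\x00\x00\x0a")),  # IoT VLAN
    ("192.168.50.7", "10.10.1.20", b"\x00\x05\x00\x00"),                          # truncated
]


def scan(traffic):
    return [classify(src, dst, frame) for src, dst, frame in traffic]
```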
3. Rise of Exploit Kits and Command Injection Attacks
IoT and OT devices are increasingly being hijacked using:
- Remote Code Execution (RCE) vulnerabilities
- Default credentials or weak passwords
- Compromised firmware or SIM misuse
- Unpatched routers, cameras, and PLCs
Sectors Facing the Highest Risk
Energy Sector: The Epicenter of Cyberattacks
Energy systems are prime targets due to their national importance and reliance on legacy SCADA systems.
ThreatLabz recorded a 387% spike in attacks targeting energy OT networks — with many stemming from state-sponsored groups like Volt Typhoon and Salt Typhoon, which focus on disrupting energy infrastructure in the U.S. and allied nations.
Manufacturing: From Smart Factories to Soft Targets
As smart factories adopt IoT-enabled robotics and real-time analytics, they also invite new cyber risks.
Manufacturing now accounts for 20.2% of global IoT attacks, often through compromised industrial sensors, connected cameras, and remote access gateways.
Transportation & Logistics: The New Supply Chain Weak Link
From connected fleets to port logistics, transportation firms face similar vulnerabilities.
A single compromised IoT tracking device can expose entire logistics networks, leading to both financial and reputational damage.
How Attackers Are Evolving
- Botnets & Malware-as-a-Service (MaaS): Attackers now rent IoT botnets for DDoS or ransomware campaigns.
- AI-Powered Reconnaissance: Emerging AI tools help threat actors identify weak IoT endpoints at scale.
- Supply Chain Exploitation: Compromised firmware updates or third-party vendors remain common infiltration points.
- Phishing & Smishing Targeting Engineers: Mobile malware and credential theft bridge the IT–OT divide.
The Zero Trust Imperative for Industrial Cybersecurity
Zscaler’s report underscores one core message: Zero Trust must extend to the OT edge.
That means:
✅ Enforcing least-privilege access between IT, OT, and IoT layers
✅ Segmenting devices and users by role and network zone
✅ Continuous monitoring for anomalies in device behavior
✅ Blocking unauthorized SIM/eSIM connections
✅ Encrypting all data-in-transit between sensors and cloud
By adopting Zero Trust architectures and cloud-based threat detection, industrial organizations can reduce lateral movement and detect breaches earlier.
Bridging the Gap Between Compliance and Resilience
Compliance alone doesn’t equal security.
While regulations like NIST 800-82, ISA/IEC 62443, and CISA’s Shields Up provide valuable frameworks, organizations need to embed cyber resilience directly into operations.
That includes regular patching of embedded systems, real-time visibility into connected assets, and rehearsed incident-response playbooks.
What Industrial Leaders Should Do Now
- Inventory Every Connected Asset — know every IoT/OT device across facilities.
- Implement Network Segmentation — separate IT, OT, and IoT zones.
- Adopt Zero Trust Principles — verify users and devices continuously.
- Patch & Update Regularly — close vulnerabilities in routers and controllers.
- Train Staff — ensure engineers understand phishing, malware, and mobile risks.
- Collaborate with Vendors — require cybersecurity guarantees in supply-chain contracts.
Looking Ahead: The Next Wave of Industrial Threats
The attack landscape will only intensify.
Expect to see:
- AI-driven smishing and vishing targeting factory personnel
- 5G-enabled IoT threats exploiting low-latency connections
- Edge computing vulnerabilities as industrial data shifts closer to endpoints
As more factories, grids, and pipelines connect online, the line between cyber and physical risk is disappearing.
Conclusion: Industrial Security at a Crossroads
The Zscaler report makes one fact undeniable: industrial operations can no longer treat IoT and OT as separate from cybersecurity strategy.
The convergence of connected devices, outdated systems, and sophisticated adversaries has created the perfect storm.
Organizations that move now — embracing Zero Trust, improving visibility, and enforcing segmentation — will be the ones still standing when the next wave hits.
Frequently Asked Questions (FAQ)
Q1. What’s the difference between IoT and OT?
IoT (Internet of Things) devices are networked sensors and smart devices, while OT (Operational Technology) refers to hardware and software used to monitor and control industrial systems.
Q2. Why are energy and manufacturing sectors targeted the most?
Because they operate critical infrastructure, often run legacy systems, and downtime can cause massive disruption — making them prime ransomware targets.
Q3. What are the most common attack vectors?
Compromised IoT devices, default passwords, unpatched firmware, and lateral movement through poorly segmented networks.
Q4. Can Zero Trust really protect OT environments?
Yes — by enforcing access controls, monitoring device behavior, and isolating compromised systems, Zero Trust can significantly reduce attack impact.
Q5. What should organizations do immediately?
Audit all connected devices, enforce segmentation, patch vulnerabilities, and train teams on IoT/OT security hygiene.