Mobile, IoT, and OT Risks Converge in the Public Sector

Connected technology is central to how governments, healthcare providers, and schools operate today. We see it all around us: public safety cameras across cities, medical devices in hospitals, and digital learning tools used in classrooms every day. But with this dependence comes exposure and risk.

Threat actors are increasingly targeting vulnerabilities in mobile devices, IoT systems, and legacy OT environments to gain access to critical environments. And few sectors face higher stakes than the public sector when mobile, IoT, and OT systems are compromised.

New research from Zscaler ThreatLabz reveals a surge in these attacks across government, healthcare, and education over the past year. From Android malware campaigns to IoT botnets overwhelming critical systems, the convergence of connected technologies continues to extend threat actors’ reach across public sector infrastructures.

In the sections that follow, we’ll highlight key research findings from the Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report, including how IoT malware and mobile attacks are particularly impacting the government, healthcare, and education sectors.

Top mobile, IoT, and OT threat trends

ThreatLabz researchers identified patterns seen across industries worldwide. Three major trends stand out:

1. Android malware hides in everyday apps: Android malware rose 67% globally year-over-year, fueled by spyware and banking malware embedded in legitimate applications. Even trusted marketplaces like Google Play saw 239 malicious Android apps downloaded 42 million times.
2. IoT botnets keep amplifying risk: Botnet families such as Mirai, Gafgyt, and Mozi continue to dominate IoT threat activity, accounting for 75% of all malicious IoT payloads. These campaigns exploit unpatched routers and edge devices to rapidly expand their networks.
3. Legacy OT and supply chains remain weak links: Threat actors continue to take advantage of the overlap between outdated operational systems and vulnerable vendor ecosystems, knowing that one unpatched controller or compromised vendor update can open the door to many connected networks and critical services.

These cross-industry trends form the foundation of the public sector cyber risk story. Whether through a compromised mobile device, a hacked smart sensor, or a vulnerable control system, attackers are finding new entry points into public sector networks. Here’s how these attack patterns emerged across government, healthcare, and education between June 2024–May 2025.

Government key findings

Government agencies rely heavily on connected devices, surveillance systems, and smart city infrastructure. In the past year alone, IoT malware attacks against government systems surged by 370%, while mobile threats rose 147%.

In recent events, nation-stage groups like Volt Typhoon and Salt Typhoon have infiltrated government systems by exploiting IoT devices, public-facing routers, and other edge infrastructure to gain covert access and maintain long-term persistence.

Even local governments are vulnerable: smart traffic lights, emergency alert systems, and utility management networks can all be manipulated through IoT weaknesses. A single compromised device can cascade into widespread service disruptions, threatening public safety and trust.

Healthcare key findings

Healthcare providers remain one of the most targeted verticals for mobile and IoT attacks, as threat actors seek to exploit valuable patient data and disrupt critical care operations. Over the past year, ThreatLabz observed a 224% surge in mobile-related attacks targeting healthcare organizations, many involving Android-based malware designed to harvest credentials or compromise clinical workflows

IoT and OT systems in hospitals—from infusion pumps and MRI machines to connected HVAC systems—often run on outdated firmware or lack strong authentication. The impact of compromise can disrupt care or allow threat actors to move laterally across healthcare networks to access sensitive medical records or connected hospital systems. Even though medical devices represent a relatively small fraction of the total volume of IoT devices tracked by ThreatLabz (0.6%), they are among the most sensitive, and any compromise carries direct risks to patient safety.

Education key findings

Education has quietly become a major target for IoT malware with an 861% surge in attacks over the past year. Schools and universities are increasingly exposed through smart classroom devices, connected cameras, and online learning platforms.

Attacks recognize that education institutions often operate with limited cybersecurity budgets and device sprawl. Threat actor goals vary from stealing personal data to launching ransomware campaigns that can shut down digital learning environments.

In some cases, IoT botnets are weaponized to overwhelm university systems or hijack connected devices such as routers for broader attacks.

For additional details on the IoT malware and Android threat landscapes, read the ThreatLabz 2025 Mobile, IoT, and OT Threat Report.

Securing the public sector’s connected future

Addressing existing and emerging mobile and IoT/OT risks requires visibility and control across every connected device, application, and user. Zscaler helps organizations meet this challenge by extending zero trust protection to the people, devices, and applications that power essential public services. 

Through the Zscaler Zero Trust Exchange, public sector agencies and organizations can isolate threats, enforce segmentation, and gain comprehensive visibility into attack surfaces within dynamic, distributed environments. Whether securing a remote clinic, a university campus, or a field operations site, Zscaler delivers consistent protection and traffic monitoring across connected endpoints. This enables security teams to detect vulnerabilities early and prevent lateral movement that could disrupt essential services. 

Actionable steps for public sector leaders 

Public sector leaders can take the following actions to mitigate risk and proactively secure mobile and IoT/OT ecosystems:

1. Implement zero trust for critical networks: Adopt a zero trust architecture to secure cellular IoT connections, isolate unmanaged OT systems into “networks of one,” and prevent lateral movement by enforcing strict device segmentation.
2. Protect IoT and cellular gateways: Secure the IoT and cellular gateways that connect internal systems to cloud infrastructure through continuous traffic monitoring, anomaly detection, and firmware integrity checks to counter supply chain risks and botnet recruitment vulnerabilities.
3. Enhance supply chain risk management: Establish strict IoT device procurement and onboarding security standards that align with CISA and NIST guidelines. Require vendor compliance on encryption, secure firmware updates, and transparency.
4. Strengthen mobile endpoint protection: Deploy advanced protections for mobile endpoints, including anomaly detection for SIM-level traffic, phishing detection across all managed devices, and strict enforcement of application control policies.

5. Foster collaborative threat intelligence: Collaborate across agencies and industry partners through intelligence-sharing programs to share insights on nation-state campaigns, botnet activity, and IoT vulnerabilities.

    

Get the report: ThreatLabz 2025 Mobile, IoT, and OT Threat Report

By applying zero trust principles across mobile, IoT, and OT environments, the public sector can reduce risk, prevent lateral movement, and ensure secure delivery of essential services. 

Learn more about how connected threats are evolving—and how zero trust can help you manage and mitigate them. Explore the full research and findings in the ThreatLabz 2025 Mobile, IoT, and OT Threat Report.