Enterprise and Critical Infrastructure Threats from Unpatched and Unmanaged Devices
Recent research highlights that enterprise networks are increasingly vulnerable due to a high prevalence of legacy, end-of-life (EOL) systems, unpatched devices, and poor network segmentation. Telemetry from over 27 million devices across 1,800 enterprises reveals that 26% of Linux and 8% of Windows systems are running unsupported operating systems, with 39% of IT devices lacking active endpoint security. Additionally, a significant portion of devices operate outside IT control, and 77% of corporate networks are poorly segmented, allowing low-security devices to share network space with high-value assets, increasing the risk of lateral movement by attackers.
Simultaneously, critical infrastructure sectors such as energy, healthcare, government, and transportation are experiencing a surge in cyberattacks targeting IoT and Android devices. Attackers are exploiting the interconnectedness of these industries for financial gain, with the U.S. being the primary target. The rise in attacks underscores the need for stringent tracking of user behaviors, robust access controls, accurate asset inventories, and improved network segmentation to mitigate risks posed by unmanaged and vulnerable devices in both enterprise and critical infrastructure environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Zscaler publishes findings and defensive recommendations
Zscaler researchers reported the increase in Android and IoT targeting and advised organizations to strengthen user-behavior monitoring, secure remote access, enforce robust access controls, maintain accurate asset inventories, and segment networks. The report was public by the article's publication date.
IoT attacks surge, with U.S. the most targeted country
During the same June 2024 to May 2025 period, attacks against IoT devices rose notably across manufacturing, energy, education, construction, transportation, and government sectors. The United States was the most targeted country, followed by Hong Kong and Germany.
Android attacks rise across critical infrastructure sectors
From June 2024 through May 2025, attacks targeting Android devices increased markedly in energy, healthcare, government, and transportation, while declining in agriculture, IT, and education. Manufacturing, energy, and retail were identified as primary mobile-device targets because of their financial value to attackers.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
EOL-Software gefährdet Unternehmenssicherheit
csoonline.com
Open sourceEnterprise network security blighted by legacy and unpatched systems
csoonline.com
Open sourceCritical infrastructure IoT, Android devices face mounting cyberattacks
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise Risk from Unmanaged and Diverse xIoT and OT Devices
Enterprises are increasingly exposed to cybersecurity risks due to the proliferation of unmanaged and diverse extended Internet of Things (xIoT) and operational technology (OT) devices within their networks. Research analyzing over 10 million devices across 700 organizations found that two-thirds of networked devices are not traditional IT assets, but rather include network gear, OT, IoT, and medical equipment. Common high-risk device types such as VoIP phones, IP cameras, point-of-sale systems, and uninterruptible power supplies are often widespread yet remain unmanaged, creating significant security blind spots. The diversity of device functions, vendors, and operating system versions further complicates risk management, making it challenging for security teams to identify, patch, and mitigate vulnerabilities effectively. Manufacturers, in particular, face heightened OT security challenges due to legacy technology, lack of asset visibility, and the growing number of access points resulting from mergers and acquisitions. The complexity of managing access permissions, especially with multiple users sharing admin accounts, increases the difficulty of incident response and overall security posture. Despite increased awareness of these risks, the combination of device diversity, legacy systems, and human factors continues to present substantial obstacles to securing enterprise and manufacturing environments against cyber threats.
Mar 21, 2026
Risks from Legacy and Unpatched Systems in Critical Infrastructure
A new Cisco report highlights the growing risk posed by legacy and unsupported systems within national critical infrastructure, revealing that nearly half of global business network assets were already aging or obsolete as of 2020. The United Kingdom, in particular, faces significant exposure, with 228 legacy systems identified across government in 2024 and over a quarter at high risk of operational or security failure. The report underscores that unsupported systems, often located at network edges, are prime targets for attackers, and that a majority of breaches in the EU during 2022 and 2023 exploited vulnerabilities with available but unapplied patches. Healthcare and other essential sectors are especially vulnerable due to concentrated use of outdated technology. Recent cyberattacks have increasingly targeted legacy firewalls and network devices, with state-sponsored groups exploiting known vulnerabilities in products from vendors such as Cisco, SonicWall, Palo Alto Networks, and Fortinet. Research indicates that 60% of enterprise firewalls fail high-severity compliance checks, reflecting deeper governance and patch management issues. Attackers are leveraging these weaknesses, often chaining exploits across network edges and VPNs, while defenders struggle with fragmented vendor alerts and outdated risk frameworks. The persistent use of unsupported technology and delayed patching continues to undermine national resilience and exposes critical infrastructure to significant cyber threats.
Mar 21, 2026
Enterprise Risks from Insecure Third-Party IoT Devices and Botnets
Organizations face significant cybersecurity risks from the proliferation of insecure third-party Internet of Things (IoT) devices, which often lack robust security controls and are increasingly targeted by cybercriminals. The BADBOX 2.0 botnet exemplifies this threat, having infected over a million low-cost Android-based IoT devices such as smart TVs, many of which are shipped with preinstalled malware or compromised through malicious applications. These infected devices are then leveraged to create large-scale residential proxy networks, enabling cybercriminals to conduct ad fraud, credential stuffing, and other illicit activities while masking their true origins. The FBI has warned that compromised IoT devices are being abused at scale, including on home and small office networks used for work, making them a significant liability for enterprises when connected to corporate environments. The rapid growth of IoT adoption—currently estimated at over 17 billion connected devices worldwide—has expanded the attack surface for organizations, introducing challenges such as limited device resources, inconsistent security measures, and the need for strong authentication and encryption. Security experts recommend that organizations implement rigorous procurement controls, demand verifiable updates and transparent software bills of materials from vendors, and develop comprehensive IoT security strategies that include proactive threat detection and end-to-end security frameworks. Robust IoT software testing and policy development are essential to mitigate these risks and ensure the secure operation of IoT devices within enterprise networks.
Apr 14, 2026