Forescout Technologies, Inc., published today its "2024H1 Threat Review." The new report reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023.
"Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organizations that don't know what they have connected to their networks or if it's secured are being caught flat footed," said Barry Mainz, Forescout CEO. "To mitigate these extensive threats, organizations must enhance their visibility across network infrastructure, build proactive security measures, and consider replacing outdated VPN solutions. Comprehensive security strategies, including having visibility into all devices and robust access controls, are crucial to protect against these emerging and expanding threats."
Forescout Research - Vedere Labs "2024H1 Threat Review" key findings
Vulnerabilities Surged by 43%
- Published vulnerabilities spiked by 43% compared to H1 2023, with 23,668 vulnerabilities reported in H1 2024
- The average number of new CVEs per day was 111 or 3,381 per month; 7,112 more than H1 2023
- 20% of exploited vulnerabilities affected VPN and network infrastructure, emphasizing the need for better device security
Ransomware Groups Expanded 55% and Attacks Climbed 6%
- Ransomware attacks continued to steadily climb by 6% to 3,085 incidents, up from 2,899 during the same period last year, averaging 441 per month or 15 per day
- The U.S. experienced half of all attacks, up from 48% in 2023
- Government, financial services organizations, and technology companies were the top three targets
- The number of active ransomware groups expanded 55%
U.S., Germany, and India were Top Targets
- 387 (52%) of the 740 threat actors that Forescout tracks were active in 1H 2024. (Live group tracking information is available in this Forescout dashboard.)
- The U.S., Germany, and India were the most targeted, with the U.S. targeted twice as often as Germany and India
- The 387 active actors are predominantly cybercriminals (50%), including ransomware groups, state-sponsored actors (40%) and hacktivists, originating, in order of frequency of attacks, from China, Russia, and Iran
State-Sponsored Actors Using Hacktivist Fronts
- State-sponsored actors are using hacktivist fronts to target critical infrastructure
- Groups like Predatory Sparrow and Karma Power have been linked to significant attacks under the guise of hacktivism
- Factors driving this shift may be the increased visibility of hacking campaigns, and the need to create a facade to obscure cyberwarfare activities
Massive VPN and Network Infrastructure Targeting
- In H1 2024, 15 new CVEs in the CISA known exploited vulnerabilities (KEV) catalog targeted infrastructure and security appliances from vendors like Ivanti, Citrix, Fortinet, Cisco, Palo Alto Networks, Check Point, and D-Link
- This accounts for nearly 20% of new vulnerabilities in the CISA KEV
- These attacks frequently utilized zero-days or recently disclosed and unpatched vulnerabilities
- Forescout research also found that routers and wireless access points are the riskiest IT devices in 2024
"Attackers are shifting from targeting managed endpoints to unmanaged perimeter devices, due to their lack of visibility and security telemetry," said Elisa Constante, Vice President of Research at Forescout Research - Vedere Labs. "To combat this, organizations must extend visibility and proactive controls to these areas. Key steps include ensuring device visibility, assessing risks, disabling unused services, patching vulnerabilities, enforcing strong credentials and MFA, avoiding direct internet exposure, and segmenting networks. These steps will help reduce breach risks and strengthen overall security."