-

Forescout Publishes 2024H1 Threat Review Report

Findings Include 43% Increase in Reported Vulnerabilities, State-Sponsored Groups Increasingly Posing as Hacktivists, and US is Top Ransomware Target

SAN JOSE, Calif.--(BUSINESS WIRE)--Forescout Technologies, Inc., a global cybersecurity leader, published today its “2024H1 Threat Review.” The new report reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023.

Download the full report and read the blog.

“Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organizations that don’t know what they have connected to their networks or if it’s secured are being caught flat footed,” said Barry Mainz, Forescout CEO. “To mitigate these extensive threats, organizations must enhance their visibility across network infrastructure, build proactive security measures, and consider replacing outdated VPN solutions. Comprehensive security strategies, including having visibility into all devices and robust access controls, are crucial to protect against these emerging and expanding threats.”

Forescout Research – Vedere Labs “2024H1 Threat Review” key findings

Vulnerabilities Surged by 43%

  • Published vulnerabilities spiked by 43% compared to H1 2023, with 23,668 vulnerabilities reported in H1 2024
  • The average number of new CVEs per day was 111 or 3,381 per month; 7,112 more than H1 2023
  • 20% of exploited vulnerabilities affected VPN and network infrastructure, emphasizing the need for better device security

Ransomware Groups Expanded 55% and Attacks Climbed 6%

  • Ransomware attacks continued to steadily climb by 6% to 3,085 incidents, up from 2,899 during the same period last year, averaging 441 per month or 15 per day
  • The U.S. experienced half of all attacks, up from 48% in 2023
  • Government, financial services organizations, and technology companies were the top three targets
  • The number of active ransomware groups expanded 55%

U.S., Germany, and India were Top Targets

  • 387 (52%) of the 740 threat actors that Forescout tracks were active in 1H 2024. (Live group tracking information is available in this Forescout dashboard.)
  • The U.S., Germany, and India were the most targeted, with the U.S. targeted twice as often as Germany and India
  • The 387 active actors are predominantly cybercriminals (50%), including ransomware groups, state-sponsored actors (40%) and hacktivists, originating, in order of frequency of attacks, from China, Russia, and Iran

State-Sponsored Actors Using Hacktivist Fronts

  • State-sponsored actors are using hacktivist fronts to target critical infrastructure
  • Groups like Predatory Sparrow and Karma Power have been linked to significant attacks under the guise of hacktivism
  • Factors driving this shift may be the increased visibility of hacking campaigns, and the need to create a facade to obscure cyberwarfare activities

Massive VPN and Network Infrastructure Targeting

  • In H1 2024, 15 new CVEs in the CISA known exploited vulnerabilities (KEV) catalog targeted infrastructure and security appliances from vendors like Ivanti, Citrix, Fortinet, Cisco, Palo Alto Networks, Check Point, and D-Link
  • This accounts for nearly 20% of new vulnerabilities in the CISA KEV
  • These attacks frequently utilized zero-days or recently disclosed and unpatched vulnerabilities
  • Forescout research also found that routers and wireless access points are the riskiest IT devices in 2024

“Attackers are shifting from targeting managed endpoints to unmanaged perimeter devices, due to their lack of visibility and security telemetry,” said Elisa Constante, Vice President of Research at Forescout Research – Vedere Labs. “To combat this, organizations must extend visibility and proactive controls to these areas. Key steps include ensuring device visibility, assessing risks, disabling unused services, patching vulnerabilities, enforcing strong credentials and MFA, avoiding direct internet exposure, and segmenting networks. These steps will help reduce breach risks and strengthen overall security.”

To learn more about the latest Forescout research, visit the Vedere Labs website.

About Forescout

The Forescout cybersecurity platform provides complete asset intelligence and control across IT, OT, and IoT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective.

Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.

Contacts

RH Strategic for Forescout
forescoutpr@rhstrategic.com

Forescout Communications
press@forescout.com

Forescout Technologies, Inc.


Release Versions

Contacts

RH Strategic for Forescout
forescoutpr@rhstrategic.com

Forescout Communications
press@forescout.com

Social Media Profiles
More News From Forescout Technologies, Inc.

NATO Adds Forescout to Its Information Assurance Product Catalogue (NIAPC)

SAN JOSE, Calif.--(BUSINESS WIRE)--Forescout Technologies Inc., a global cybersecurity leader, today announced it has met NATO’s information assurance requirements and has been included in the NATO Information Assurance Product Catalogue (NIAPC). The NIAPC is a centralized resource for NATO nations and allied organizations to identify trusted cybersecurity solutions that meet stringent operational requirements. Maintained by the NATO Communications and Information Agency (NCIA), the NIAPC provi...

Forescout Launches New Post-Quantum Cryptography (PQC) Dashboards to Analyze Quantum-Exposure Risk Across IT, OT, IoT, and IoMT

SAN JOSE, Calif.--(BUSINESS WIRE)--Forescout Technologies Inc., a global cybersecurity leader, today announced the launch of its Post-Quantum Cryptography (PQC) Readiness and Encryption Hygiene Dashboards. The new dashboards are designed to help organizations identify, prioritize, and manage quantum risk across information technology (IT), operational technology (OT), Internet of Things (IoT), and medical devices (IoMT) environments. As organizations face new pressures from regulators, auditors...

Forescout Emphasizes AI-Driven Security with Forescout Vistaro™ Platform Rename

SAN JOSE, Calif.--(BUSINESS WIRE)--Forescout Technologies Inc., a global leader in cybersecurity, today announced the Forescout 4D Platform™ is now the Forescout Vistaro™ platform, reflecting the company’s AI-driven innovation and long-term vision for security operations. Amid escalating AI-driven threats, the Forescout Vistaro platform heralds proactive, AI-powered cybersecurity control. The platform provides comprehensive visibility and control across managed and unmanaged cyber-physical asse...
Back to Newsroom