Forescout’s 2024H1 Threat Review has shed light on the alarming surge in vulnerabilities, ransomware attacks, and threat actors in the first half of 2024 compared to the same period in 2023. According to the report, attackers are aggressively targeting IT, IoT, and OT devices, exploiting any weak point they can find within organizations that lack visibility into their network infrastructure.
Barry Mainz, the CEO of Forescout, emphasized the importance of enhancing visibility across network infrastructure and implementing proactive security measures to combat these extensive threats. He highlighted the significance of comprehensive security strategies, including having visibility into all devices, robust access controls, and replacing outdated VPN solutions.
One of the key findings of the report is the 43% surge in published vulnerabilities in H1 2024, with 23,668 vulnerabilities reported during this period, which is 7,112 more than in H1 2023. The average number of new Common Vulnerabilities and Exposures (CVEs) increased significantly, reaching 111 per day, or 3,381 per month. Notably, 20% of the exploited vulnerabilities targeted VPN and network infrastructure, underscoring the critical need for organizations to address these vulnerabilities effectively.
Ransomware attacks also continued to rise, with a 6% increase in incidents compared to H1 2023, totaling 3,085 attacks in the first half of 2024. The United States bore the brunt of these attacks, accounting for half of all incidents. Government entities, financial services organizations, and technology companies were identified as the top three targets of ransomware groups, whose numbers expanded by 55% during this period.
Furthermore, the report revealed that the U.S., Germany, and India were the countries most targeted by threat actors in H1 2024. Of the 740 threat actors tracked by Forescout, 387 were active during this period, with cybercriminals making up the majority at 50%, followed by state-sponsored actors at 40%, and hacktivists. The active threat actors predominantly originated from China, Russia, and Iran.
State-sponsored actors were observed using hacktivist fronts to target critical infrastructure, with groups like Predatory Sparrow and Karma Power linked to significant attacks under the guise of hacktivism. This shift may be driven by the need to obscure cyberwarfare activities and increase the visibility of hacking campaigns.
Notably, the report highlighted a significant increase in attacks targeting VPN and network infrastructure in H1 2024, with 15 new CVEs targeting security appliances from various vendors. These attacks often exploited zero-day vulnerabilities and targeted routers and wireless access points, the riskiest IT devices in 2024.
Elisa Costante, the VP of Research at Forescout Research – Vedere Labs, emphasized the need for organizations to extend visibility and proactive controls to unmanaged perimeter devices. Key steps include ensuring device visibility, assessing risks, patching vulnerabilities, enforcing strong credentials and multi-factor authentication, avoiding direct internet exposure, and segmenting networks to reduce breach risks and enhance overall security.
In conclusion, Forescout’s 2024H1 Threat Review serves as a stark reminder of the evolving cybersecurity landscape, urging organizations to prioritize visibility, proactive security measures, and comprehensive strategies to safeguard against emerging threats and vulnerabilities.
