Cybersecurity company Forescout Technologies has published its 2024 H1 Threat Review. The report reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to the first half of 2023.
“Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organisations that don’t know what they have connected to their networks or if it’s secured are being caught flat-footed,” said Forescout CEO Barry Mainz. “To mitigate these extensive threats, organisations must enhance their visibility across network infrastructure, build proactive security measures, and consider replacing outdated VPN solutions. Comprehensive security strategies, including having visibility into all devices and robust access controls, are crucial to protect against these emerging and expanding threats.”
Key findings from the report include:
- Vulnerabilities surged by 43%.
  - Published vulnerabilities spiked by 43% compared to the first half of 2023, with 23,668 vulnerabilities reported in the first half of 2024;
  - The average number of new CVEs per day was 111 or 3,381 per month, 7,112 more than in the first half of 2023; and
  - 20% of exploited vulnerabilities affected VPN and network infrastructure, emphasising the need for better device security.
- Ransomware groups expanded 55% and attacks climbed 6%.
  - Ransomware attacks continued to steadily climb by 6% to 3,085 incidents, up from 2,899 during the same period last year, averaging 441 per month or 15 per day;
  - The US experienced half of all attacks, up from 48% in 2023;
  - Government, financial services organisations, and technology companies were the top three targets; and
  - The number of active ransomware groups expanded 55%.
- US, Germany, and India were the top targets.
  - 387 (52%) of the 740 threat actors that Forescout tracks were active in 1H 2024;
  - The US, Germany, and India were the most targeted, with the US targeted twice as often as Germany and India; and
  - The 387 active actors are predominantly cybercriminals (50%), including ransomware groups, followed by state-sponsored actors (40%) and hacktivists; they originate, in order of frequency of attacks, from China, Russia, and Iran.
- State-sponsored actors using hacktivist fronts.
  - State-sponsored actors are using hacktivist fronts to target critical infrastructure;
  - Groups like Predatory Sparrow and Karma Power have been linked to significant attacks under the guise of hacktivism; and
  - Factors driving this shift may be the increased visibility of hacking campaigns, and the need to create a façade to obscure cyberwarfare activities.
- Massive VPN and network infrastructure targeting.
  - In the first half of 2024, 15 new CVEs in the CISA Known Exploited Vulnerabilities (KEV) catalogue affected infrastructure and security appliances from vendors like Ivanti, Citrix, Fortinet, Cisco, Palo Alto Networks, Check Point, and D-Link;
  - This accounts for nearly 20% of new vulnerabilities in the CISA KEV;
  - These attacks frequently utilised zero-days or recently disclosed and unpatched vulnerabilities; and
  - Forescout research also found that routers and wireless access points are the riskiest IT devices in 2024.
“Attackers are shifting from targeting managed endpoints to unmanaged perimeter devices due to their lack of visibility and security telemetry,” said Forescout Vice President of Research Elisa Constante. “To combat this, organisations must extend visibility and proactive controls to these areas. Key steps include ensuring device visibility, assessing risks, disabling unused services, patching vulnerabilities, enforcing strong credentials and MFA, avoiding direct internet exposure, and segmenting networks. These steps will help reduce breach risks and strengthen overall security.”