Forescout's 2024 H1 Threat Review reveals surge in cyber threats
Forescout Technologies has released its 2024 H1 Threat Review, which presents an analysis of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024, in comparison to the same period in 2023. The report reveals a significant rise in reported vulnerabilities and an increase in ransomware activities.
The new publication by Forescout Research Vedere Labs indicates a sharp 43% rise in published vulnerabilities compared to H1 2023, reaching a total of 23,668 reported cases in the first half of 2024, 7,112 more than in the corresponding period of the previous year. This equates to an average of 111 new Common Vulnerabilities and Exposures (CVEs) per day or 3,381 per month. A noteworthy 20% of these exploited vulnerabilities targeted virtual private networks (VPNs) and other network infrastructure, highlighting the need for heightened security measures for these devices.
Barry Mainz, CEO of Forescout, commented on the findings, stating, "Attackers are looking for any weak point to breach IT, IoT, and OT devices, and organisations that don't know what they have connected to their networks or if it's secured are being caught flat-footed.
"To mitigate these extensive threats, organisations must enhance their visibility across network infrastructure, build proactive security measures, and consider replacing outdated VPN solutions," he said.
"Comprehensive security strategies, including having visibility into all devices and robust access controls, are crucial to protect against these emerging and expanding threats."
The report also highlights a 6% increase in ransomware attacks, with 3,085 incidents reported in H1 2024, up from 2,899 during the same period in 2023. This averages out to 441 attacks per month or 15 per day. The United States remains the top target, experiencing half of all such attacks, up from 48% in H1 2023. Government entities, financial services organisations, and technology companies were the primary victims of ransomware, with the number of active ransomware groups swelling by 55%.
Forescout also identified increased activity from state-sponsored actors masquerading as hacktivists. Groups like Predatory Sparrow and Karma Power have been linked to substantial attacks under the guise of hacktivism. These fronts may be driven by the need for greater visibility of hacking campaigns and the need to create a facade that masks cyberwarfare activities.
In H1 2024, 15 new CVEs listed in the Cybersecurity and Infrastructure Security Agency's (CISA) known exploited vulnerabilities (KEV) catalogue targeted network infrastructure and security appliances from vendors such as Ivanti, Citrix, Fortinet, Cisco, Palo Alto Networks, Check Point, and D-Link. This accounts for nearly 20% of new vulnerabilities in the CISA KEV list. These attacks often involved zero-day vulnerabilities or those that had been recently disclosed and remained unpatched.
Elisa Costante, Vice President of Research at Forescout Research Vedere Labs, noted, "Attackers are shifting from targeting managed endpoints to unmanaged perimeter devices, due to their lack of visibility and security telemetry.
"To combat this, organisations must extend visibility and proactive controls to these areas. Key steps include ensuring device visibility, assessing risks, disabling unused services, patching vulnerabilities, enforcing strong credentials and MFA, avoiding direct internet exposure, and segmenting networks," she said.
"These steps will help reduce breach risks and strengthen overall security."
The 2024 H1 Threat Review underscores the intensifying landscape of cybersecurity threats, with both the incidence and sophistication of attacks on the rise, necessitating more robust and comprehensive security measures across organisations.