Forescout Technologies has released its 2024 H1 Threat Review, providing a detailed analysis of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024. The report highlights a significant rise in reported vulnerabilities and an increase in ransomware activities compared to the same period in 2023.
Findings of the 2024 H1 Threat Review
The Forescout Research Vedere Labs report reveals a 43% increase in published vulnerabilities, reaching 23,668 reported cases in H1 2024. This is an average of 111 new Common Vulnerabilities and Exposures (CVEs) per day. Notably, 20% of the exploited vulnerabilities targeted virtual private networks (VPNs) and other network infrastructure, underscoring the need for heightened security in these areas.
Barry Mainz, CEO of Forescout, emphasized the need for proactive security measures, stating:
“Attackers are looking for any weak point to breach IT, IoT, and OT devices. Organisations that don’t know what they have connected to their networks or if it’s secured are being caught flat-footed.”
Ransomware on the Rise
The report also shows a 6% increase in ransomware attacks, with 3,085 incidents reported in H1 2024, compared to 2,899 in H1 2023. The United States remains the primary target, experiencing half of all ransomware attacks. Key victims include government entities, financial services, and technology companies, while the number of active ransomware groups increased by 55%.
Rise in State-Sponsored Cyber Activities
State-sponsored actors, such as Predatory Sparrow and Karma Power, have been masquerading as hacktivists, carrying out substantial cyberattacks under the guise of hacktivism. These activities may be intended to boost visibility of hacking campaigns while concealing cyberwarfare motives.
Focus on Network Infrastructure Vulnerabilities
In H1 2024, 15 new CVEs listed in the CISA known exploited vulnerabilities (KEV) catalogue targeted network infrastructure and security appliances from major vendors like Ivanti, Cisco, and Palo Alto Networks. These accounted for nearly 20% of new vulnerabilities in the CISA KEV list.
Recommendations for Strengthening Cybersecurity
Elisa Constante, VP of Research at Forescout Research Vedere Labs, emphasized the need for improved visibility and proactive controls, especially for unmanaged perimeter devices. Constante recommended key steps for organizations, including:
- Extending device visibility
- Assessing risks
- Disabling unused services
- Patching vulnerabilities
- Enforcing strong credentials and MFA
- Avoiding direct internet exposure
- Network segmentation
These measures aim to reduce breach risks and strengthen overall security posture.
