According to Forescout Research Vedere Labs, the number of published vulnerabilities soared by 43% compared to the first half of 2023, with 23,668 cases reported in the first half of 2024.
This translates to an average of 111 new Common Vulnerabilities and Exposures (CVEs) per day, or 3,381 per month—an increase of 7,112 from the previous year.
Notably, 20% of these exploited vulnerabilities targeted virtual private networks (VPNs) and other network infrastructure, underscoring the urgent need for enhanced security protocols in these areas.
Barry Mainz, CEO of Forescout, says attackers are looking for any weak point to breach IT, IoT, and OT devices, and organisations that don’t know what they have connected to their networks, or whether it is secured, are being caught flat-footed.
“To mitigate these extensive threats, organisations must enhance their visibility across network infrastructure, build proactive security measures, and consider replacing outdated VPN solutions,” says Mainz.
“Comprehensive security strategies, including having visibility into all devices and robust access controls, are crucial to protect against these emerging and expanding threats.”
The report also reveals a 6% rise in ransomware attacks, with 3,085 incidents reported in the first half of 2024, compared to 2,899 in the same period in 2023. This averages 441 attacks per month or 15 per day.
The United States remains the top target, accounting for half of all attacks, up from 48% in H1 2023. Government entities, financial services organizations, and technology companies were the primary victims, as the number of active ransomware groups surged by 55%.
Forescout also noted increased activity from state-sponsored actors posing as hacktivists. Groups like Predatory Sparrow and Karma Power have been tied to significant attacks under the guise of hacktivism, likely aiming to boost the visibility of hacking campaigns and disguise cyberwarfare activities.
In the first half of 2024, 15 new vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalogue targeted network infrastructure and security appliances from vendors like Ivanti, Citrix, Fortinet, Cisco, Palo Alto Networks, Check Point, and D-Link.
The vulnerabilities—accounting for nearly 20% of the new additions to CISA’s KEV list—often involved zero-day flaws or those recently disclosed but left unpatched.
“Attackers are shifting from targeting managed endpoints to unmanaged perimeter devices due to their lack of visibility and security monitoring,” explained Elisa Constante, Vice President of Research at Forescout Research Vedere Labs.
“To combat this, organisations must extend visibility and proactive controls to these areas. Key steps include ensuring device visibility, assessing risks, disabling unused services, patching vulnerabilities, enforcing strong credentials and MFA, avoiding direct internet exposure, and segmenting networks,” says Constante.
The 2024 H1 Threat Review paints a stark picture of the escalating cybersecurity threat landscape, highlighting not only a surge in the volume of attacks but also their increasing sophistication.
The growing complexity underscores the urgent need for organizations to adopt more robust and comprehensive security strategies to defend against an ever-evolving array of digital threats.