Forescout Technologies unveils alarming cybersecurity trends in 2025H1 threat review

Forescout's latest report sheds light on skyrocketing ransomware attacks, zero-day exploits, and increased targeting of unconventional devices.

Forescout Technologies has released its H1 2025 Threat Review, detailing over 23,000 vulnerabilities and the activities of 885 threat actors worldwide. Key findings reveal a concerning surge in ransomware, zero-day exploits, and a growing focus on non-traditional equipment.

Ransomware incidents now average 20 per day, with a 46% rise in zero-day exploits. Attackers are increasingly targeting devices like edge systems, IP cameras, and BSD servers to facilitate lateral movement across IT, OT, and IoT environments, heightening the risk to critical infrastructures.

“We’re seeing attackers gain initial access through overlooked IoT devices or infostealers, then use lateral movement to pivot across IT, OT, and IoT environments,” said Sai Molige, Senior Manager of Threat Hunting at Forescout Technologies. “Our ValleyRAT hunt, which uncovered the Chinese threat actor Silver Fox targeting healthcare systems, is a prime example. These attackers exploit blind spots to quietly escalate access.”

Vulnerabilities that were once overlooked are seeing renewed interest, with 47% of newly exploited weaknesses originating before 2025. Approximately 45% of these vulnerabilities are rated high or critical, underscoring the necessity of integrated, proactive security measures.

Specifically, the healthcare sector is experiencing unprecedented breaches, with two incidents occurring daily. In the first half of 2025 alone, nearly 30 million individuals were impacted. 76% of breaches were due to hacking or IT incidents. Vulnerabilities are being exploited in network servers and email systems, with trojanised imaging software delivering malware to patient systems emphasised as a significant threat.

The landscape is further complicated by the blurring lines between hacktivists and state-sponsored actors. In H1 2025, 137 threat actor updates were tracked, with 51% cybercriminals and a notable portion (40%) being state-sponsored, some linked to Iranian affiliated groups targeting critical infrastructure. These operations are no longer isolated or symbolic but integrate coordinated campaigns with tangible effects.

In response, Forescout advocates several risk reduction strategies:

  1. Employing agentless discovery to monitor all connected assets, including IT, OT, IoT, and healthcare systems.
  2. Assessing for vulnerabilities, regularly applying patches, and enforcing robust credentials with multifactor authentication (MFA).
  3. Isolating device types through network segmentation to mitigate lateral movement upon breach.
  4. Encrypting sensitive data both in transit and at rest.
  5. Implementing threat detection tools leveraging data from EDR, IDS, and firewalls.

This comprehensive report underscores the evolving landscape of cybersecurity threats and illustrates an urgent need for dynamic and all-encompassing protection strategies.

The numbers are in, and they paint a picture of transformation at unprecedented scale. As MIT's...
SailPoint unveils its 2025 Navigate series, highlighting cutting-edge advancements in identity and...
Aruga Cyber expands rapidly, pioneering AI-driven cyber protection for all business sizes.
ITS introduces ITS SecureEdge ensuring affordable resilience against DDoS attacks for businesses of...
Atos, a global leader in technology, has been awarded a critical EU cybersecurity services contract...
OVHcloud elevates website security with quantum-generated SSL certificates, defining a new standard...
WatchGuard Technologies introduces FireCloud Total Access, bringing Zero Trust and hybrid SASE...
Zero Networks partners with Exclusive Networks to expand its zero trust security solutions across...