Forescout Releases 2023H1 Threat Review


Dubai, United Arab Emirates, 13 September 2023: In a new threat briefing report, Forescout Vedere Labs looks back at the most relevant cybersecurity events and data between January 1 and July 31, 2023 (2023H1) to emphasize the evolution of the threat landscape. The activities and data Forescout saw during this period confirm trends it has been observing in its recent reports, including threats to unmanaged devices that are less often studied.
Overall, 2023H1 continued the trend of threat actors exploiting an increasingly diverse attack surface. Notably, Forescout saw more evidence of the type of “cross-device” attacks it first demonstrated with R4IoT and then observed with botnets such as Chaos. Some threat actors are now routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, NAS and building automation devices as part of their attack campaigns.
Below, Forescout distills the key findings of the report and provides mitigation recommendations.
H2: Building automation devices are becoming increasingly easy targets.
Mirai botnet variants in 2023H1 have been exploiting a new vulnerability on an access control device that was already a target in the past, as well as vulnerabilities on devices used to monitor solar power generation in small facilities. Additionally, Schneider Electric published an advisory in April about publicly available exploits targeting vulnerabilities from 2020 and 2022 in their KNX devices and linking back to a previous advisory about attacks on these systems. Later, CISA declared all devices using certain configurations of the popular KNX protocol to be vulnerable, while more than 12,000 of those devices are exposed online.
There were at least 25 CISA vulnerability advisories in the period related to devices used in building automation functions such as access control and power management. Looking into Shadowserver statistics, Forescout saw 13 vulnerabilities on building automation devices from nine vendors that are being exploited, while none of them is yet present on CISA's Known Exploited Vulnerabilities (KEV) catalog.
H2: Network infrastructure has become a favorite target for initial access and traffic proxying.
Several Russian and especially Chinese state-sponsored actors have been focusing on exploiting vulnerabilities on and developing custom malware for routers and VPN devices, while cybercriminals are leveraging routers and other compromised devices for residential proxies. Increased activity targeting network infrastructure led CISA to issue a specific operational directive about reducing the risks from these devices in June.
H2: NAS devices often host malware other than traditional DDoS botnets.
In a report in July, Forescout showed how network attached storage (NAS) had recently become the riskiest IoT device on organizations' networks, partly because of targeted ransomware campaigns that compromised thousands of devices and partly because of how often they are exposed online. In 2023H1, Forescout also saw new vulnerabilities being exploited (such as CVE-2023-27992), vulnerabilities ranking among the top exploited (such as CVE-2022-27593) and advanced malware such as Raspberry Robin, which targets traditional IT, being distributed via compromised NAS on the internet.
H2: The ransomware landscape never stops changing.
Although ransomware has probably been the most prominent threat for at least the last five years, groups continue to morph, appearing and disappearing quickly, sometimes being used to disguise state-sponsored activities. In 2023H1, Forescout saw new families distributing ransomware packaged with infostealers, hacktivists using custom ransomware on OT devices and established families experimenting with ransomware on embedded devices.
Some well-known ransomware gangs remain very active even after one year, such as LockBit, Cl0p and ALPHV, but other groups that were relevant last year have disappeared, such as Conti and Hive, due to internal conflicts, law enforcement takedowns or rebranding to stay under the radar. Entirely new groups now also figure among the most active, such as Malas and 8Base. Overall, the ransomware landscape is more fragmented this year with 53 groups reporting attacks, 36% more than the 39 groups in the same period last year.
Ransomware victims were located in more than 100 countries, but almost half (48%) are in the U.S., followed by several European countries (26% in total). The other roughly 25% are spread across the world. The services industry was the top target, with 16% of attacks, followed by manufacturing (13%) and technology (11%). Other top targets include healthcare, retail, financial services and education.
H2: Other notable observations: old favorites and new tools
Most vulnerabilities added to the CISA KEV catalog are from before 2023. Although new vulnerabilities are dangerous because usually there hasn't been enough time to patch, organizations tend to dismiss older vulnerabilities, believing that they present lower risk. The KEV catalog includes evidence of older vulnerabilities being exploited not only on IT software but also building automation devices. Some of the exploited vulnerabilities in Table 1 are more than five years old.
Attackers are increasingly using open-source tools as part of their infrastructure. The trend to commoditize attack tools continues strongly. Malicious actors now have a wide choice of open-source tools, developed as legitimate applications, that they can use in campaigns, from phishing attacks to command-and-control infrastructure.
H2: What the numbers tell us about the threat landscape
During the first six months of 2023, Forescout saw:
• 16,556 new vulnerabilities get published, an average of 78 new CVEs per day or 2,365 per month. That is 2,220 more than in the same period of last year, an increase of 15%. Of the new vulnerabilities, 17% had a critical score.
• 113 CVEs added to CISA's KEV catalog, which brought the catalog to a total of 981 vulnerabilities (a 13% increase). An average of 16 new vulnerabilities were added per month. Most of these newly exploited vulnerabilities (52%) were not published in 2023. There was a vulnerability added from 2004 and four vulnerabilities added that affect end-of-life products.
• 182 updates about threat actors. These are mostly cybercriminals (51%), including ransomware groups, followed by state-sponsored actors (39%) and hacktivists (8%). These actors come mostly from Russia (25%), China (16%) and Iran (13%).
• 150 countries being targeted by these threat actors. The top targets were the U.S. (67% of actors), the U.K. (35%) and Germany (32%). The top targeted industries were government (53% of actors), financial services (49%) and technology (43%).
• 2,809 ransomware attacks, up from 2,526 in the same period last year (an increase of 11%). That is an average of 401 attacks per month or 13 per day.
H2: Mitigation recommendations
Based on all the observations of this period, Forescout recommends the following concrete risk mitigation actions:
• Prioritize extending visibility, risk mitigation and network segmentation to cover the increased attack surface being exploited. Some of the devices being leveraged in attacks, such as network infrastructure, may already be on your radar but other types, such as NAS and building automation, are more likely to be forgotten during risk assessments. These, and other risky devices, are all now relevant for attackers, so you need to ensure that you proactively secure them. That means you should, at a minimum:
1. Have the proper visibility into these devices in terms of their presence on the network, the software they run and who they communicate with
2. Understand their risk in terms of vulnerabilities, weak configurations, exposure and other factors
3. Segment them properly to prevent threats from moving between network segments of different criticalities
• Do not overlook older vulnerabilities and end-of-life systems. Although there are new CVEs being published all the time, the old ones that still work against your devices will get exploited just as well. Make sure your risk assessment tool also helps you prioritize which vulnerabilities to patch and which devices to replace. Pay attention to vulnerabilities that may have been forgotten in previous patching cycles but are now being leveraged by threat actors.
• Ensure that threat detection covers every device in the whole organization. Because threats now move from one type of device to another, you must be able to detect them across the organization – from an entry point that may be a vulnerable router to a pivot point that may be a misconfigured workstation and finally to a target that may be an insecure OT device. Make sure your threat detection solution covers all types of devices and multiple sources of data, including firewalls, intrusion detection systems, endpoint detection and response, and others.
• Follow the latest threat intelligence about ransomware and other actors. As threat actors continue to evolve and their targets change, you need to stay up-to-date by consuming the latest threat intelligence, whether that is machine-readable indicators of compromise or threat reports from leading cybersecurity researchers.
• Hunt for threats using emerging tools. Once you are confident you can detect threats in your environment that use traditional tools (such as Cobalt Strike), it's time to extend your capabilities to detect emerging tools, such as Sliver. Threat actors move fast when using new tools, so you need to keep up the pace.
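
The recommendation above about older vulnerabilities and end-of-life systems, combined with the earlier observation that some exploited building automation vulnerabilities are not yet in the KEV catalog, can be turned into a simple ranking step. The following is an added example, not code from Forescout or its report: the feed follows the layout of CISA's KEV JSON (`vulnerabilities`, `cveID`, `dateAdded`), while the inventory fields, the second exploitation source and every CVE id shown are constructed placeholders.

```python
import json

# Constructed sample in the layout of CISA's KEV JSON feed ("vulnerabilities" list
# with "cveID" and "dateAdded"). All CVE ids here are placeholders, not real entries.
KEV_FEED = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2017-00001", "dateAdded": "2023-03-14"},
  {"cveID": "CVE-2023-00002", "dateAdded": "2023-06-22"}
]}""")

# Hypothetical second source: CVEs reported as exploited elsewhere but absent from KEV.
OTHER_EXPLOITED = {"CVE-2020-00003"}

# Constructed asset inventory; the field names are assumptions for this example.
INVENTORY = [
    {"device": "nas-01", "type": "NAS", "cve": "CVE-2023-00002", "eol": False},
    {"device": "bms-ctrl-7", "type": "building automation", "cve": "CVE-2020-00003", "eol": False},
    {"device": "edge-rtr-2", "type": "router", "cve": "CVE-2017-00001", "eol": True},
    {"device": "ws-114", "type": "workstation", "cve": "CVE-2023-00004", "eol": False},
]

def cve_year(cve_id):
    """Return the year component of a CVE id such as CVE-2017-00001."""
    parts = cve_id.split("-")
    if len(parts) != 3 or parts[0] != "CVE" or not parts[1].isdigit():
        raise ValueError(f"not a CVE id: {cve_id!r}")
    return int(parts[1])

def prioritize(inventory, kev_feed, other_exploited, current_year):
    """Rank findings: in KEV first, then exploited but not in KEV, then the rest."""
    kev_ids = {v["cveID"] for v in kev_feed["vulnerabilities"]}
    ranked = []
    for item in inventory:
        cve = item["cve"]
        tier = 1 if cve in kev_ids else 2 if cve in other_exploited else 3
        # An exploited flaw on an end-of-life device is a replacement candidate.
        action = "replace" if item["eol"] and tier < 3 else "patch"
        ranked.append({**item, "tier": tier, "action": action,
                       "older": cve_year(cve) < current_year})
    # Within a tier, end-of-life devices and older CVEs sort first so they are not deferred.
    ranked.sort(key=lambda r: (r["tier"], not r["eol"], cve_year(r["cve"])))
    return ranked

if __name__ == "__main__":
    for r in prioritize(INVENTORY, KEV_FEED, OTHER_EXPLOITED, 2023):
        print(r["tier"], r["device"], r["cve"], r["action"], "older" if r["older"] else "")
```

Tier 2 exists because absence from KEV does not mean a vulnerability is unexploited; feed it from whatever exploitation telemetry the organization already consumes.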

Posted by : GoDubai Editorial Team
Posted on : Wednesday, September 13, 2023  