Forescout Technologies has released its H1 2025 Threat Review, detailing over 23,000 vulnerabilities and the activities of 885 threat actors worldwide. Key findings reveal a concerning surge in ransomware, zero-day exploits, and a growing focus on non-traditional equipment.
Ransomware incidents now average 20 per day, with a 46% rise in zero-day exploits. Attackers are increasingly targeting devices like edge systems, IP cameras, and BSD servers to facilitate lateral movement across IT, OT, and IoT environments, heightening the risk to critical infrastructures.
“We’re seeing attackers gain initial access through overlooked IoT devices or infostealers, then use lateral movement to pivot across IT, OT, and IoT environments,” said Sai Molige, Senior Manager of Threat Hunting at Forescout Technologies. “Our ValleyRAT hunt, which uncovered the Chinese threat actor Silver Fox targeting healthcare systems, is a prime example. These attackers exploit blind spots to quietly escalate access.”
Vulnerabilities that were once overlooked are seeing renewed interest, with 47% of newly exploited weaknesses originating before 2025. Approximately 45% of these vulnerabilities are rated high or critical, underscoring the necessity of integrated, proactive security measures.
Specifically, the healthcare sector is experiencing unprecedented breaches, with two incidents occurring daily. In the first half of 2025 alone, nearly 30 million individuals were impacted. 76% of breaches were due to hacking or IT incidents. Vulnerabilities are being exploited in network servers and email systems, with trojanised imaging software delivering malware to patient systems emphasised as a significant threat.
The landscape is further complicated by the blurring lines between hacktivists and state-sponsored actors. In H1 2025, 137 threat actor updates were tracked, with 51% cybercriminals and a notable portion (40%) being state-sponsored, some linked to Iranian affiliated groups targeting critical infrastructure. These operations are no longer isolated or symbolic but integrate coordinated campaigns with tangible effects.
In response, Forescout advocates several risk reduction strategies:
- Employing agentless discovery to monitor all connected assets, including IT, OT, IoT, and healthcare systems.
- Assessing for vulnerabilities, regularly applying patches, and enforcing robust credentials with multifactor authentication (MFA).
- Isolating device types through network segmentation to mitigate lateral movement upon breach.
- Encrypting sensitive data both in transit and at rest.
- Implementing threat detection tools leveraging data from EDR, IDS, and firewalls.
This comprehensive report underscores the evolving landscape of cybersecurity threats and illustrates an urgent need for dynamic and all-encompassing protection strategies.
