Originally published June 1, 2022 In mid-2022, Forescout Research – Vedere Labs developed R4IoT, a proof-of-concept that showed how IoT devices could become entry points for IT and further OT ransomware attacks. The original blog post, below, explains how we came to create R4IoT and why. Our 2023H1 Threat Review included ample evidence that cross-device attacks like R4IoT are now a reality.

If you’re confused about cybersecurity tools and product categories, join the club. Security market confusion is a major side effect of years of increasingly sophisticated security threats and vendor innovation designed to prevent and respond to them. Add to that the growing use of AI and machine learning by both attackers and defenders and you have what can look like a vendor free-for-all.

In a new threat briefing report, Forescout Vedere Labs looks back at the most relevant cybersecurity events and data between January 1 and July 31, 2023 (2023H1) to emphasize the evolution of the threat landscape. The activities and data we saw during this period confirm trends we have been observing in our recent reports, including threats to unmanaged devices that are less often studied.

In mid-August, U.S. national security advisor Jake Sullivan sent a memo to cabinet secretaries of agencies outside the Pentagon dinging them for not complying with deadlines and steps in the 2021 Executive Order 14208 on Improving the Nation’s Cybersecurity. In doing so, he set a new timeclock ticking for submitting a detailed implementation plan by the end of September… just a few weeks away from this writing.

Cyber threats do not always come from outside an organization. Insiders, including current and former employees, contractors and other business partners with authorized access to your network, systems or data can pose significant risk, damage your reputation or even cause financial losses and business disruption. Insider threat incidents are on the rise and organizations affected by them spend on average $15.4 million on mitigation efforts.

The Rhysida ransomware as a service (RaaS) group was first revealed in May 2023. Since then, the group has claimed 41 victims, including some high-profile ones such as the Chilean army and five educational institutions in the U.S. The group is also suspected to be behind the attack against Prospect Medical Holdings, which affected 17 hospitals and 166 clinics in the U.S., although Prospect is not listed as a victim on Rhysida’s website.

On July 24, a group of researchers at Midnight Blue announced TETRA:BURST, a set of five new vulnerabilities affecting the TETRA standard for radio communication.

We recently published a blog post detailing how threat actors could leverage AI tools such as ChatGPT to assist in attacks targeting operational technology (OT) and unmanaged devices. In this blog post, we highlight why healthcare organizations should be particularly worried about this.

Since 2020, Forescout Research – Vedere Labs has been tracking the riskiest devices on organizations’ networks. In 2020, we released the first Enterprise of Things Security Report, followed in 2022 with the Riskiest Connected Devices in Enterprise Networks report. Our reports are entirely based on data coming directly from connected devices.

When I joined Forescout as CEO six months ago, I was excited to partner with our strong employees, management team and board as we take the company through its next phase of growth. Today I’m pleased to announce enhancements to the Forescout® Platform that will help customers fully understand the risk posture of their attack surface and enable their security teams to focus on remediating the assets that pose the most risk.