{"id":107557,"date":"2025-07-30T09:07:13","date_gmt":"2025-07-30T13:07:13","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?page_id=107557"},"modified":"2025-08-01T13:00:09","modified_gmt":"2025-08-01T17:00:09","slug":"2025h1-threat-review","status":"publish","type":"page","link":"https:\/\/www.forescout.com\/research-labs\/2025h1-threat-review\/","title":{"rendered":"2025H1 Threat Review"},"content":{"rendered":"

2025H1 Threat Review<\/h1>\n

Vulnerabilities, Threat Actors, and Ransomware <\/h3>\n

Once again, Forescout Research \u2013 Vedere Labs widens its mid-year lens with a macro look at the most pressing cybersecurity risks to date. From 3,649 ransomware attacks to state-sponsored intrusions to new trends in lateral movement, here are the new threat patterns and cyber attack behavior you need to know right now.<\/p>\n

Get the research get the newsletter<\/p>\n

\u00a0<\/p>\n

Year Over Year Increases: By the Numbers<\/h2>\n

<\/p>\n

\n80%+<\/h3>\n

CISA KEV additions<\/p>\n

<\/p>\n

\n46%+<\/h3>\n

0-day exploits<\/p>\n

<\/p>\n

\n36%+<\/h3>\n

Ransomware attacks<\/p>\n

<\/p>\n

\n20\/day<\/h3>\n

Ransomware attacks<\/p>\n

137 Threat Actors, Origins, and Countries Targeted<\/h2>\n

China, Russia and Iran have the highest number of threat actors. The US, India, the UK, Germany, and Australia are the countries most targeted by threat actors.<\/p>\n

<\/p>\n

read the blog<\/a><\/p>\n

\n<\/figure>\n

Key Trends: Attackers Move Across the Network<\/h2>\n

What we predicted in our 2022 \u201cR4IoT\u201d research scenario is now a reality: IP cameras and BSD systems are now common targets increasingly used for lateral movement or operational impact in ransomware campaigns. These asset types often fall outside the coverage of traditional endpoint protections. <\/p>\n

<\/p>\n

Key Trends: Is It Hacktivism or a State-Sponsored Attack?<\/h2>\n

In today\u2019s geo-political landscape, this line is increasingly blurred, often by design. Identity-shifting threat actors use this ambiguity to confuse attribution and complicate response. The image is from the group \u201cAPT Iran\u201d who has claimed many attacks against Israel and the US in 2025, but have not been independently verified.<\/p>\n

Attacks Targeting Industries<\/h2>\n

The most targeted industries are government, technology, financial services, telecommunications, and energy. Financial services dropped from second to third place while energy rose from eighth to fifth \u2014 reflecting increased threat activity against this sector. <\/p>\n

Exploited Zero Days by Targeted Vendor<\/h2>\n

In 2025H1, 63 vulnerabilities were exploited as 0-days, up from the 43 in 2024H1. These 0-days impacted products from 27 vendors: 2025 is on track to exceed the record 100 exploited 0-days from 2024.
\nIoMT devices \u2013 pump controllers, medication dispensing systems and workstations \u2013 have some of the most dangerous vulnerabilities \u2013 and highlight healthcare security risks.\n\n

Ransomware Attacks Per Industry<\/h2>\n

The top five industries remain in the top 5 with a minor change: Healthcare had more attacks than retail last year. Financial services: +72% more ransomware in 2025H1. Retail increased 66% YoY. Technology rose by 48%. Manufacturing increased by 24%.<\/p>\n

\"2025H1<\/a><\/p>\n

Dive Into the Research<\/h2>\n

Stay on top of this year\u2019s trends, so you can know where to focus your cybersecurity and OT defenses. Get all the data and analysis, including:<\/p>\n