{"id":107597,"date":"2025-08-04T07:00:08","date_gmt":"2025-08-04T11:00:08","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=107597"},"modified":"2025-09-12T10:24:03","modified_gmt":"2025-09-12T14:24:03","slug":"midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/","title":{"rendered":"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places"},"content":{"rendered":"<p>In the first half of 2025, Forescout Research \u2013 Vedere Labs published a wide range of <a href=\"\/blog\/\">blogs<\/a> and <a href=\"\/threat-briefings\/\">reports<\/a> analyzing some of the most prominent developments in the cybersecurity threat landscape, from vulnerabilities and ransomware campaigns to the shifting behavior of threat actors.<\/p>\n<p>Our data shows that cybercriminals continue to rely on familiar \u00a0IT-based tactics for malware delivery, particularly via ClickFix, which has emerged as a favorite tool for deploying both infostealers and ransomware. At the same time, ransomware operators are expanding the <a href=\"\/research-labs\/the-riskiest-devices-of-2025\/\">types of assets leveraged in their attacks<\/a>, often in an attempt to bypass EDR solutions.<\/p>\n<p>Network infrastructure remains a popular initial access point, with over 20% of newly exploited vulnerabilities in H1 targeting these devices. But we\u2019ve also seen attackers exploiting IP cameras and BSD servers for lateral movement and impact.<\/p>\n<p>Beyond traditional cybercrime, the line between hacktivists and state-sponsored actors has become increasingly blurred, especially in attacks on critical infrastructure. What was once the exclusive domain of shadowy state actor groups is now often executed by faketivist fronts. We explored this trend in depth in our <a href=\"\/blog\/the-state-of-state-sponsored-hacktivist-attacks\/\">April report<\/a>. Since then, escalating conflict in the Middle East has triggered renewed concern over Iranian hacktivist campaigns reaching targets in the US and Europe, \u00a0echoing the notorious <a href=\"\/blog\/cyber-aveng3rs-attack-water-treatment-plant\/\">CyberAv3ngers campaign of late 2023<\/a>.<\/p>\n<p>Our <a href=\"\/resources\/2025h1-threat-review\/\">new threat briefing<\/a> reviews developments between January 1 and June 30, 2025 (2025H1) analyzing how the threat landscape has shifted compared with the same period in 2024. It includes a detailed examination of Iranian hacktivist activity and a breakdown of global attack trends.<\/p>\n<div style=\"margin: 10px 0 20px 0; border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 10px 0 10px 0;\">\n<h4>Go deeper: See our <a href=\"\/research-labs\/2025h1-threat-review\/\">interactive research page<\/a> for all the most impactful trends in 2025.<\/h4>\n<\/div>\n<h2>Beyond the Numbers: Cybercrime Evolution, Healthcare Breaches, and Opportunistic OT Attacks<\/h2>\n<p><a href=\"\/resources\/2025h1-threat-review\/\">The full report<\/a> goes deeper than raw metrics, offering analysis of how threat actor behavior continues to evolve, particularly in relation to ransomware, infostealers, healthcare breaches and OT exposure.<\/p>\n<h3>Ransomware and Infostealers<\/h3>\n<p>Most cybercriminal campaigns in 2025H1 involved either ransomware or infostealers. Several TTPs stood out:<\/p>\n<ul>\n<li><strong>Initial access<\/strong>: Widespread use of Initial Access Brokers (IABs) and exploitation of VPNs, remote access tools, and file transfer solutions.<\/li>\n<li><strong>ClickFix campaigns<\/strong>: Attackers trick users into copying and executing malicious PowerShell commands. First observed in late 2024, ClickFix has been gaining traction in 2025 and is now a favored delivery method for infostealers and occasionally ransomware.<\/li>\n<li><strong>New asset types exploited<\/strong>: In March 2025, Akira ransomware was deployed <a href=\"https:\/\/www.s-rminform.com\/latest-thinking\/camera-off-akira-deploys-ransomware-via-webcam\" target=\"_blank\" rel=\"noopener\">via a compromised IP camera<\/a>, echoing our 2022 R4IoT scenario. Also in March, the VanHelsing ransomware family introduced a multi-platform encryptor including support for BSD UNIX systems, with <a href=\"https:\/\/www.group-ib.com\/blog\/ransomhub-never-sleeps-episode-1\/\" target=\"_blank\" rel=\"noopener\">RansomHub<\/a> and <a href=\"https:\/\/www.group-ib.com\/blog\/hunters-international-ransomware-group\/\" target=\"_blank\" rel=\"noopener\">Hunters International<\/a> also developing FreeBSD variants.<\/li>\n<\/ul>\n<h3>Healthcare Sector Under Pressure<\/h3>\n<p>Healthcare remained one of the top targeted industries. According to <a href=\"https:\/\/health-isac.org\/cybersecurity-trends-and-threats-to-theglobal-health-sector-2025-q1\/\" target=\"_blank\" rel=\"noopener\">Health-ISAC<\/a>, ransomware, VPN vulnerabilities, and compromised credentials were the most persistent risks. <a href=\"\/blog\/critical-condition-the-growing-threat-of-healthcare-data-breaches\/\">Data breaches also surged<\/a>. In 2025H1:<\/p>\n<ul>\n<li>341 healthcare breaches were reported in the US, each affecting over 500 individuals<\/li>\n<li>29,799,648 individual identities were impacted<\/li>\n<li>74% of breaches occurred at healthcare providers<\/li>\n<li>76% were due to hacking\/IT incidents<\/li>\n<li>62% of breached data was located on network servers<\/li>\n<\/ul>\n<h3>Opportunistic Attacks on OT<\/h3>\n<p>Not all OT attacks are targeted. Increasingly, <a href=\"\/blog\/since-stuxnet-a-brief-history-of-critical-infrastructure-attacks\/\">opportunistic threat actors<\/a>, including hacktivists, are scanning and striking vulnerable OT environments indiscriminately. We track these through two lenses:<\/p>\n<ul>\n<li><strong>Hacktivists claiming OT attacks.<\/strong> In 2025H1 we continued to observe hacktivist groups aligning with nation-state interests to <a href=\"\/resources\/threat-report-the-increasing-threat-posed-by-hacktivist-attacks\/\">disrupt cyber-physical systems<\/a>. Increasingly, state-sponsored actors are <a href=\"\/blog\/the-state-of-state-sponsored-hacktivist-attacks\/\">adopting hacktivist personas<\/a> to obscure attribution, amplify psychological impact and provoke geopolitical tension under the guise of grassroots hacktivism. Recent examples include pro-Iranian groups such as GhostSec and Arabian Ghosts <a href=\"https:\/\/outpost24.com\/blog\/hacktivist-cyber-operations-iran-israel\/\" target=\"_blank\" rel=\"noopener\">attacking PLCs in Israel<\/a>. Meanwhile, pro-Russian actors like Sector16 and Z-Pentest launched disruptive campaigns targeting <a href=\"https:\/\/industrialcyber.co\/control-device-security\/cyble-details-russian-hacktivist-group-sector-16-targeting-us-oil-infrastructure-in-alarming-data-breaches\/\" target=\"_blank\" rel=\"noopener\">oil and gas facilities<\/a> in the US.<\/li>\n<\/ul>\n<p>These groups often post edited screenshots, videos, and technical walk-throughs of compromised systems across Telegram and other platforms, blurring the line between real capability and propaganda.<\/p>\n<p>In the full report, we provide a deep dive into\u00a0 APT IRAN, a newly emergent Iranian persona that appears to carry forward the OT\/ICS targeting playbook of CyberAv3ngers. The group\u2019s messaging, targeting choices, and defacement tactics suggest it may be the latest identity in a broader IRGC-run faketivist continuum..<\/p>\n<ul>\n<li><strong>Internet-wide scanning and honeypot activity.<\/strong> Data from our <a href=\"\/research-labs\/threat-intelligence\/\">Adversary Engagement Environment (AEE)<\/a> shows continued growth in scans of OT protocols. <a href=\"\/research-labs\/2024-threat-roundup\/\">Last year<\/a>, we saw growing dominance of Modbus as the most scanned OT protocol and an increase in scans related to building automation protocols such as BACnet, KNX and Fox. Both trends continued in 2025H1. Modbus now accounts for 57% of OT interactions in the AEE (up from 40%), and BACnet is the third most popular at 8% of interactions (up from fifth place at 7% of interactions in 2024). EtherNet\/IP remained in second position with 20% of interactions, down from 28% in 2024.<\/li>\n<\/ul>\n<div style=\"margin: 10px 0 20px 0; border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 10px 0 10px 0;\">\n<h4>Watch Vedere Labs leaders discuss the specifics of the threat hunting and honeypot activities fueling our report. <\/h4>\n<figure class=\"video-player\"><div data-video-url=\"https:\/\/youtu.be\/FT-G1SMSNK0?si=LyEqjFAgH_4S1ASs\"><\/div>\n<\/figure>\n<\/div>\n<p>&nbsp;<\/p>\n<h2>APT IRAN and Shifting Identities \u2013 A Continuum of Iranian Hacktivist Threats to OT\/ICS<\/h2>\n<p>Iranian hacktivist groups, often <a href=\"\/blog\/the-state-of-state-sponsored-hacktivist-attacks\/\">state-sponsored faketivists<\/a>, have targeted US and Israeli OT\/ICS environments since at least 2020. Their campaigns typically spike in response to geopolitical events and frequently rely on psychological warfare, including exaggerated or fabricated claims.<\/p>\n<p>At the end of H1, a with a new persona ,APT IRAN, began claiming attacks on the same types of PLCs previously targeted by CyberAv3ngers. The group appears to be another iteration of a recycled IRGC-linked identity. The full report explores APT IRAN\u2019s messaging, tooling, and close operational overlap with its predecessors.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-107617\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-cyber-av3ngers.jpg\" alt=\"\" width=\"738\" height=\"589\" srcset=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-cyber-av3ngers.jpg 738w, https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-cyber-av3ngers-300x239.jpg 300w\" sizes=\"auto, (max-width: 738px) 100vw, 738px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-107619\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-apt-iran.jpg\" alt=\"\" width=\"556\" height=\"528\" srcset=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-apt-iran.jpg 556w, https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-apt-iran-300x285.jpg 300w\" sizes=\"auto, (max-width: 556px) 100vw, 556px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-107618\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-apt-iran-2.jpg\" alt=\"\" width=\"606\" height=\"753\" srcset=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-apt-iran-2.jpg 606w, https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-apt-iran-2-241x300.jpg 241w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2>Mitigation Recommendations<\/h2>\n<p>We encourage all organizations to prioritize <a href=\"\/solutions\/asset-inventory\/\">visibility<\/a>, <a href=\"\/solutions\/risk-and-exposure-management\/\">risk assessment<\/a> and <a href=\"\/solutions\/network-access-control\/\">proactive controls<\/a> across today\u2019s increasingly exploited attack surface, including network perimeter assets, operational technology, healthcare systems and IoT devices<strong>. <\/strong><\/p>\n<p>At a minimum, you should:<\/p>\n<ul>\n<li>Ensure proper visibility into these devices, including their presence on the network, the software they run, and their communication patterns. This can be achieved with agentless solutions.<\/li>\n<li>Understand their risk profile concerning vulnerabilities, weak configurations, exposure and other factors.<\/li>\n<li>Disable unused services and patch vulnerabilities to prevent exploitation.<\/li>\n<li>Change default or easily guessable credentials and use strong, unique passwords for each device.<\/li>\n<li>Enforce Multi-factor Authentication (MFA) whenever possible to add an additional layer of security, especially for VPN authentication processes.<\/li>\n<li>Encrypt all sensitive data in transit and at rest, especially personally identifiable information (PII), protected health information (PHI) and financial data.<\/li>\n<li>Avoid exposing unmanaged devices directly to the internet, except in rare cases. Ensure administrative interfaces (such as web UIs and engineering ports) on connected devices require authentication and are secured behind IP-based access control lists or a VPN-protected management VLAN.<\/li>\n<li>Enable IP-based access control lists for specific protocols, such as Modbus and BACnet for OT networks.<\/li>\n<li>Segment the network to isolate IT, IoT and OT devices, limiting network connections to only authorized management and engineering workstations or among unmanaged devices that need to communicate. Segmentation also helps to prevent lateral movement with compromised credentials.<\/li>\n<\/ul>\n<p>Additional mitigation recommendations from our research in 2025H1 include:<\/p>\n<ul>\n<li>Enable endpoint logging beyond alerts to include process, file, user, network, registry, driver and PowerShell activities.<\/li>\n<li>Gather logs from systems handling user authentication, especially single-sign on and cloud service access.<\/li>\n<li>Deploy continuous monitoring for suspicious authentication attempts and frequently review logs for potential unauthorized access.<\/li>\n<li>Rotate credentials and cryptographic keys suspected of being compromised.<\/li>\n<li>Block suspicious TLDs associated with infostealer infrastructure.<\/li>\n<li>Implement browser security controls to protect against credential theft.<\/li>\n<li>Conduct targeted training on social engineering techniques.<\/li>\n<\/ul>\n<p>After implementing these proactive controls, ensure that threat detection and response systems encompass every device within the whole organization. Since threats now move from one type of device to another, it is crucial to detect them throughout the entire organization \u2013 from an entry point such as a vulnerable router, to a pivot point, like a misconfigured workstation, and finally to a target such as an insecure OT device. Ensure your threat detection solution covers all device types and ingests multiple data sources, including firewalls, intrusion detection systems, endpoint detection and response (EDR), and other security tools.<\/p>\n<div style=\"margin: 10px 0 20px 0; border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 10px 0 10px 0;\">\n<h4>Get all of Forescout\u2019s research from Vedere Labs in your inbox once a month.<\/h4>\n<p class=\"u-display-flex u-flex-wrap u-gap\"><a href=\"\/research-newsletter-subscription-lp\/\"  title=\"Sign Up Now\" class=\"c-btn c-btn--lblue has-icon icon-arrow-right icon-position-right has-icon-animation icon-animation-fade-in\"><span class=\"cta-button-text\">Sign Up Now<\/span><\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up. <\/p>\n","protected":false},"author":124,"featured_media":107560,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[562],"tags":[],"coauthors":[542],"class_list":["post-107597","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-views"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places<\/title>\n<meta name=\"description\" content=\"Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places\" \/>\n<meta property=\"og:description\" content=\"Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-04T11:00:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-12T14:24:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Forescout Research - Vedere Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Forescout\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\"},\"author\":{\"name\":\"Forescout Research - Vedere Labs\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984\"},\"headline\":\"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places\",\"datePublished\":\"2025-08-04T11:00:08+00:00\",\"dateModified\":\"2025-09-12T14:24:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\"},\"wordCount\":1364,\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp\",\"articleSection\":[\"News &amp; Views\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\",\"url\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\",\"name\":\"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp\",\"datePublished\":\"2025-08-04T11:00:08+00:00\",\"dateModified\":\"2025-09-12T14:24:03+00:00\",\"description\":\"Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp\",\"width\":1200,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984\",\"name\":\"Forescout Research - Vedere Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/image\/b4c8db5600adef8fa1a89cc86e15c781\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g\",\"caption\":\"Forescout Research - Vedere Labs\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places","description":"Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/","og_locale":"en_US","og_type":"article","og_title":"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places","og_description":"Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up.","og_url":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_published_time":"2025-08-04T11:00:08+00:00","article_modified_time":"2025-09-12T14:24:03+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp","type":"image\/webp"}],"author":"Forescout Research - Vedere Labs","twitter_card":"summary_large_image","twitter_creator":"@Forescout","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#article","isPartOf":{"@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/"},"author":{"name":"Forescout Research - Vedere Labs","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984"},"headline":"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places","datePublished":"2025-08-04T11:00:08+00:00","dateModified":"2025-09-12T14:24:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/"},"wordCount":1364,"publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp","articleSection":["News &amp; Views"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/","url":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/","name":"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp","datePublished":"2025-08-04T11:00:08+00:00","dateModified":"2025-09-12T14:24:03+00:00","description":"Our latest cybersecurity threat report shows ransomware attacks, zero day exploits, and industry targets in critical infrastructure are up.","breadcrumb":{"@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#primaryimage","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/blog\/midyear-threat-report-numbers-grow-in-nearly-all-the-wrong-places\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]},{"@type":"Person","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984","name":"Forescout Research - Vedere Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/image\/b4c8db5600adef8fa1a89cc86e15c781","url":"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g","caption":"Forescout Research - Vedere Labs"}}]}},"featured_media_url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2025\/07\/VL-2025H1-Threat-Review-feature.webp","is_file":false,"excerpt_manually_set":true,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/107597","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/124"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=107597"}],"version-history":[{"count":3,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/107597\/revisions"}],"predecessor-version":[{"id":108357,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/107597\/revisions\/108357"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media\/107560"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=107597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/categories?post=107597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/tags?post=107597"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=107597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}