Sierra:21 Forescout Discovers 21 New Vulnerabilities in OT/IoT Routers Exposing Over 86,000 Devices Across Critical Sectors with Mitigation Recommendations

Ornamental dots. Two rows of three dots. The top row is a light blue. The bottom row is one light blue dot followed by two orange dots.

2022 Threat Roundup

Threat Roundup

2022 Threat Roundup – The Emergence of Mixed IT/IoT Threats

In 2022, cyberattacks grew in intensity, sophistication and frequency. The adoption of new connected devices by organizations in 2023 is likely to pose even greater challenges. To help organizations of all sizes prepare, Forescout’s Vedere Labs has analyzed data gathered in 2022 about cyberattacks, exploits and malware and shared insights via our 2022 Threat Roundup.

Read Report
Threat Round Up 100m Attacks

100 Million

Attacks Jul. – Dec. 2022

Threat Round Up 10 Attacks

10 Attacks

Per Second

2022 Threat Round Up 7K Exploits

7000

Exploits

Threat Round Up 1K Malware

1000

Unique Malware Samples

Webinar: Trending IT/IoT Threats

Join Elisa Costante, VP of Research at Vedere Labs, as she takes a deep dive into the state, evolution and future of malware attacks from the 2022 Threat Roundup.

Watch Now

What We Found

For a deep dive into the statistics and analysis of the threats observed, read the full technical report

Read Report
Distribution Of Attacks Per Country

Attacks come from everywhere…

  • Attacks originated from 191 countries and territories
  • Top 10 countries account for 73% of malicious traffic
  • 75% of exploits originated from U.S. and China
  • 81% of attacks launched from legitimate hosting/cloud providers

Autonomous System Types Originating Attacks

…even from legitimate businesses

  • Attacks originated from 160,000+ IP addresses in 500+ autonomous systems
  • 81% are from hosting or cloud providers
  • 18% belong to ISPs, largely due to compromised consumer devices

Top Executed Command Categories

Remote management services are the top target…

  • 43% of attacks target remote management protocols (RDP, VNC, SSH, Telnet)
  • 26% target web protocols (HTTP and HTTP/S) for scanning or vulnerability exploitation attempts
  • Mainly exploited using brute forcing with well-known or weak credentials

Top Exploited Software Type

Exploits are not limited to traditional applications…

  • 76% of attacks targeted software libraries such as Log4j, TCP/IP stacks, Open SSH
  • Preference for supply chain vulnerabilities to achieve foothold on network
  • 14% target exposed vulnerable services (databases, web applications, email servers)

MODBUS Enumeration

...and critical infrastructure is a constant target

Attackers constantly probe multiple OT devices and protocols for malicious reconnaissance, including scans for:

  • OPC-UA, S7, Ethernet/IP, Modbus – used in industrial automation to exchange input/output data or manage devices such as PLCs
  • Fox – used in building automation to control devices (lighting, HVAC, access control)
  • DNP3, IEC-104, MMS and IEEE-C37.118 Synchrophasor – used in energy and water sectors

Distribution of Malware Hashes per Family

After initial access, attackers explore the system... and drop malware

  • Most common tactics are Discovery (95%), Persistence (3%) and Execution (1%)
  • Endemic malware includes WannaCry (53%) and Mirai variants (8%)
  • Emerging botnets such as Chaos cross IT/IoT boundaries

Strategic Recommendations: How Forescout Can Help

To protect your environment from mixed IT/IoT cyber threats, focus on these three key pillars:

  • Risk and exposure management. Identify, quantify and prioritize cybersecurity risk, starting by discovering and assessing every connected asset for real-time awareness of your attack surface.
  • Network security. Continuously monitor all connected assets to govern network access, using real-time traffic visibility to manage segmentation and dynamic control policies to mitigate and remediate risk.
  • Threat detection and response. Detect, investigate and respond to true threats and incidents using extended detection and response (XDR) capabilities to collect telemetry and logs, correlate attack signals, generate high-fidelity detections and enable automated responses.

For more detailed recommendations, read the report.

Read Report
Demo Request Forescout Platform Top of Page