2022 Threat Roundup – The Emergence of Mixed IT/IoT Threats
In 2022, cyberattacks grew in intensity, sophistication and frequency. The adoption of new connected devices by organizations in 2023 is likely to pose even greater challenges. To help organizations of all sizes prepare, Forescout’s Vedere Labs has analyzed data gathered in 2022 about cyberattacks, exploits and malware and shared insights via our 2022 Threat Roundup.

Key figures:
- 100 million attacks, Jul.–Dec. 2022
- 10 attacks per second
- 7,000 exploits
- 1,000 unique malware samples

Webinar: Trending IT/IoT Threats
Join Elisa Costante, VP of Research at Vedere Labs, as she takes a deep dive into the state, evolution and future of malware attacks from the 2022 Threat Roundup.
What We Found
For a deep dive into the statistics and analysis of the threats observed, read the full technical report.
Attacks come from everywhere…
- Attacks originated from 191 countries and territories
- Top 10 countries account for 73% of malicious traffic
- 75% of exploits originated from U.S. and China
- 81% of attacks launched from legitimate hosting/cloud providers

…even from legitimate businesses
- Attacks originated from 160,000+ IP addresses in 500+ autonomous systems
- 81% are from hosting or cloud providers
- 18% belong to ISPs, largely due to compromised consumer devices

Remote management services are the top target…
- 43% of attacks target remote management protocols (RDP, VNC, SSH, Telnet)
- 26% target web protocols (HTTP and HTTPS) for scanning or vulnerability exploitation attempts
- Mainly exploited by brute forcing well-known or weak credentials

Exploits are not limited to traditional applications…
- 76% of attacks targeted software libraries such as Log4j, TCP/IP stacks and OpenSSH
- Preference for supply chain vulnerabilities to achieve foothold on network
- 14% target exposed vulnerable services (databases, web applications, email servers)

…and critical infrastructure is a constant target
Attackers constantly probe multiple OT devices and protocols for malicious reconnaissance, including scans for:
- OPC-UA, S7, Ethernet/IP, Modbus – used in industrial automation to exchange input/output data or manage devices such as PLCs
- Fox – used in building automation to control devices (lighting, HVAC, access control)
- DNP3, IEC-104, MMS and IEEE-C37.118 Synchrophasor – used in energy and water sectors
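Two of the patterns above, credential brute forcing against remote management services and reconnaissance across OT protocols, can both be surfaced from ordinary connection logs. The following is an added example written for this page, not Forescout or Vedere Labs code: it parses a constructed Zeek-style connection log, flags a source that repeatedly hits one remote management port on one host within a short window, and flags a source that touches several distinct OT protocol ports. The port table uses the protocols' standard default ports; the thresholds, window and sample records are assumptions chosen for illustration.

```python
"""Detection sketch: remote-management brute forcing and OT protocol
reconnaissance, run over a constructed Zeek-style connection log."""
from collections import defaultdict

# Standard default TCP ports for the remote management services named above.
REMOTE_MGMT_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Standard default TCP ports for the OT protocols named above.
# Port 102 (ISO-TSAP) carries both S7comm and IEC 61850 MMS, so it is
# reported as one protocol family here.
OT_PORTS = {
    102: "S7/MMS (ISO-TSAP)",
    502: "Modbus/TCP",
    1911: "Fox",
    2404: "IEC-104",
    4712: "IEEE C37.118 (synchrophasor)",
    4840: "OPC-UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Constructed sample log (assumption): ts src_ip dst_ip dst_port conn_state
SAMPLE_LOG = """\
# ts src_ip dst_ip dst_port conn_state
1672531200.10 203.0.113.7 10.0.0.5 3389 REJ
1672531200.35 203.0.113.7 10.0.0.5 3389 RSTO
1672531200.60 203.0.113.7 10.0.0.5 3389 RSTO
1672531200.85 203.0.113.7 10.0.0.5 3389 REJ
1672531201.10 203.0.113.7 10.0.0.5 3389 RSTO
1672531201.35 203.0.113.7 10.0.0.5 3389 RSTO
1672531210.00 198.51.100.23 10.0.1.10 502 S0
1672531210.20 198.51.100.23 10.0.1.10 102 S0
1672531210.40 198.51.100.23 10.0.1.10 20000 REJ
1672531210.60 198.51.100.23 10.0.1.11 44818 S0
1672531220.00 192.0.2.9 10.0.0.5 22 SF
1672531230.00 192.0.2.9 10.0.0.5 22 SF
1672531240.00 192.0.2.9 10.0.1.10 502 SF
1672531250.00 10.0.0.20 10.0.0.5 443 SF
"""


def parse_conn_log(text):
    """Parse whitespace-separated connection records; skip comments and blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, state = line.split()
        records.append({"ts": float(ts), "src": src, "dst": dst,
                        "port": int(port), "state": state})
    return records


def detect_brute_force(records, threshold=5, window=60.0):
    """Flag (src, dst, service) tuples with at least `threshold` connections
    to one remote management port inside any `window`-second span."""
    by_key = defaultdict(list)
    for r in records:
        service = REMOTE_MGMT_PORTS.get(r["port"])
        if service:
            by_key[(r["src"], r["dst"], service)].append(r["ts"])
    hits = {}
    for key, stamps in by_key.items():
        stamps.sort()
        lo, best = 0, 0
        for hi in range(len(stamps)):        # sliding window over timestamps
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits[key] = best
    return hits


def detect_ot_recon(records, min_protocols=3):
    """Flag sources that probe at least `min_protocols` distinct OT protocols,
    across any destination: a single Modbus connection is normal, a sweep
    across S7, Modbus, DNP3 and EtherNet/IP is reconnaissance."""
    seen = defaultdict(set)
    for r in records:
        proto = OT_PORTS.get(r["port"])
        if proto:
            seen[r["src"]].add(proto)
    return {src: sorted(p) for src, p in seen.items() if len(p) >= min_protocols}


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_LOG)
    for (src, dst, svc), n in detect_brute_force(recs).items():
        print(f"brute-force candidate: {src} -> {dst} {svc}, {n} connections in 60s")
    for src, protos in detect_ot_recon(recs).items():
        print(f"OT recon candidate: {src} probed {', '.join(protos)}")
```

The brute-force rule keys on destination port and short-lived connection bursts rather than on authentication failures, so it works on flow data alone; pairing it with the service's own auth logs (failed RDP logons, sshd failures) lowers the false-positive rate. The OT rule deliberately ignores the destination, since attackers sweep many hosts, and treats a single OT connection as normal traffic.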

After initial access, attackers explore the system… and drop malware
- Most common tactics are Discovery (95%), Persistence (3%) and Execution (1%)
- Endemic malware includes WannaCry (53%) and Mirai variants (8%)
- Emerging botnets such as Chaos cross IT/IoT boundaries
Strategic Recommendations: How Forescout Can Help
To protect your environment from mixed IT/IoT cyber threats, focus on these three key pillars:
- Risk and exposure management. Identify, quantify and prioritize cybersecurity risk, starting by discovering and assessing every connected asset for real-time awareness of your attack surface.
- Network security. Continuously monitor all connected assets to govern network access, using real-time traffic visibility to manage segmentation and dynamic control policies to mitigate and remediate risk.
- Threat detection and response. Detect, investigate and respond to true threats and incidents using extended detection and response (XDR) capabilities to collect telemetry and logs, correlate attack signals, generate high-fidelity detections and enable automated responses.
For more detailed recommendations, read the report.