Full Report
Data released by Forescout Technologies disclosed that cybersecurity will be a primary concern for both enterprise and government... The post Forescout 2024 Threat Report warns of intensifying cyber threats in 2025, as OT protocols increasingly targeted appeared first on Industrial Cyber.
Analysis Summary
# Industry News: Forescout Report Highlights Escalating OT/ICS Threats and Shifting Geopolitical Attack Origins
## Summary
Forescout Technologies’ 2024 Threat Report indicates that cybersecurity, particularly for Operational Technology (OT) and Industrial Control Systems (ICS), will be a top concern for organizations in 2025, fueled by financial risks and geopolitical tensions. The report recorded a massive 114% surge in observed attacks, with attackers increasingly targeting building automation protocols alongside the continued dominance of industrial protocols like Modbus. Furthermore, the origin of major cyber threats is shifting, with Russia overtaking China as the most common source among the top originating countries, and the U.S. remaining the prime target.
## Key Details
- Date: Announced recently (Implied by "2024 Threat Report" context)
- Companies Involved: Forescout Technologies
- Category: Market Analysis / Threat Intelligence Report
## The Story
Forescout's analysis of 900 million attacks in 2024 reveals escalating threats across the digital estate. While attacks on industrial automation protocols remain high (79%), there is a notable and alarming increase in attacks targeting building automation protocols (now 9%), indicating attackers are expanding their scope beyond traditional industrial PLCs to encompass broader facility management systems. Modbus (40%) and Ethernet/IP (28%) are the most frequently targeted OT protocols. The report also highlights a 114% year-over-year increase in observed attacks globally. Geographically, the U.S. is the primary target, while Russia has emerged as the leading source of threat actors, surpassing China. Critical infrastructure has seen a staggering 668% rise in reported incidents since 2022. Forescout concludes by urging organizations to prioritize risk/exposure management, network security, and threat detection/response, emphasizing the critical need for visibility across OT/IoT infrastructure.
## Business Impact
### For the Companies Involved
- **Forescout:** Solidifies its position as a leading authority in OT/IoT visibility and threat intelligence, leveraging compelling data to drive sales of its platform, especially as organizations scramble to address blind spots in their building automation and legacy OT environments.
### For Competitors
- Competitors in the OT security and network visibility space will need to quickly integrate findings regarding the rise of BACnet, KNX/IP, and building automation exploitation into their marketing and product roadmaps to remain relevant against Forescout's specific threat insights.
### For Customers
- Customers face increased justification for budgetary allocations toward OT security, especially in sectors like manufacturing, energy, and telecommunications. The report signals that security coverage must expand beyond core industrial controls to encompass building systems, as these common assets are becoming viable attack paths.
### For the Market
- The report validates the growing materiality of OT security risk, suggesting that investments in unified IT/OT/IoT visibility solutions will accelerate. The rise in attacks originating from Russia and the focus on specific critical sectors like telecoms (per Salt Typhoon context) will likely spur targeted government advisories and compliance mandates.
## Technical Implications
The report points to a diversification in threat actor tooling, noting that while Modbus remains dominant, the increased interest in protocols like BACnet and the appearance of KNX/IP suggest that attackers are moving past relying solely on widely available, generic exploits. The preference for spearphishing as an initial access technique, even amidst application exploits, remains a persistent challenge, demanding layered defense strategies. The finding that many exploited vulnerabilities are *not* yet in CISA’s KEV catalog highlights a dangerous gap in immediate patching priorities for many organizations.
## Strategic Analysis
- **Market Positioning:** Forescout reinforces its strategic focus on converging IT, IoT, and OT security, positioning OT protocol visibility (including building automation) as a non-negotiable requirement for holistic network security.
- **Competitive Advantage:** Their ability to track and analyze attacks across such a broad scope of protocols—from core ICS to building management—provides a distinct advantage in demonstrating comprehensive coverage where competitors often focus on siloed OT environments.
- **Challenges:** The broad attack vector diversification (more protocols showing up in the "Others" category) means customers face complexity in achieving necessary visibility. Furthermore, the shift in actor origin introduces complex geopolitical risk assessment challenges for global firms.
## Industry Reactions
- **Analyst Opinions:** Analysts will likely view this report as confirmation that "security convergence" is no longer optional. The strong quantitative data on incident surges (668% in CI) will attract significant attention from risk officers and boards.
- **Expert Commentary:** Experts will emphasize Forescout’s call for OT traffic to be monitored as rigorously as IT traffic, stressing that organizations currently relying on perimeter defense or legacy segmentation are effectively "blind" to these evolving threats.
- **Market Response:** Expect increased funding and M&A activity targeting vendors specializing in asset discovery and protocol monitoring for specialized environments like building automation systems within the next 12-18 months.
## Future Outlook
- **Predictions and Expectations:** The trend toward targeting building automation systems (BAS) is expected to intensify, requiring BAS service providers and integrators to mature their security postures rapidly. We can also expect to see increased focus on supply chain assessment, given the mention of attacks originating from abused hosting providers worldwide.
- **What to watch for:** Further detailed incident reporting on the exploitation of new building automation protocols and governmental responses aimed at securing infrastructure against actors originating from Russia.
## For Security Professionals
Cybersecurity teams must immediately reassess network segmentation strategies, ensuring that OT and IoT traffic flows are being monitored with the same rigor as IT traffic. Focus resources on gaining deep visibility into Modbus, Ethernet/IP, BACnet, and KNX/IP environments. Prioritize vulnerability management programs that proactively integrate OT and IoT assets, rather than waiting for CISA advisories, given the discovery of actively exploited, uncataloged vulnerabilities.