Reported security incidents in critical infrastructure worldwide have grown by 668 percent since 2022, according to a new report from Forescout.

Critical infrastructure sectors saw 10 percent more incidents than in 2023, and more than half of all incidents (57 percent) affected critical infrastructure sectors. Network infrastructure devices (routers, firewalls, VPNs, etc.) are the second-largest category, rising from three percent (2022) to 11 percent (2023) and now 14 percent (2024).

"Cybercrime, hacktivists, and state-sponsored actors are exploiting IT, IoT, OT and IoMT devices in critical infrastructure, leading to real-world consequences -- planes grounded, production lines stopping, and essential services like patient care in hospitals grinding to a halt," says Barry Mainz, Forescout CEO. "Organizations that can't see their full network are left vulnerable to these threats. To better defend against them, organizations must focus on risk and exposure management to understand their attack surface, network security to enforce zero trust, and threat detection and response to identify and contain threats before they can do damage and disrupt our lives."

Overall, healthcare was the top targeted sector in 2023 (24 percent) and 2024 (17 percent), followed by financial services (17 percent) and government (10 percent).

Exploits against web applications have also risen, from 36 percent in 2023 to 56 percent in 2024. The percentage of exploited vulnerabilities not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog increased from 65 percent to 73 percent.

Attackers are constantly scanning popular OT protocols, with 79 percent of that activity targeting industrial automation, 12 percent the power sector, and the remainder building automation. Building automation increased from two percent in 2023 to nine percent in 2024. Most attacks are opportunistic, with heavy interest in Modbus (up from 33 percent in 2023 to 40 percent in 2024) and more fragmented interest across many other protocols.

"OT environments are quickly becoming bigger targets for cybercriminals because these areas don’t have the robust security and monitoring measures found in traditional IT systems," says Daniel dos Santos, head of research at Forescout. "With critical infrastructure and industrial systems frequently exposed to vulnerabilities, attackers see these environments as prime opportunities to steal sensitive data or cause disruption. Organizations must work to strengthen their risk and exposure management, segment sensitive networks to prevent unauthorized lateral movement, and deploy IoT/OT-aware threat detection to allow for comprehensive visibility across the entire enterprise."

The full report is available from the Forescout site.
