(TLP:CLEAR) Forescout’s 2025 Threat Roundup Report

TLP:CLEAR

Author: Chase Snow

Created: Thursday, February 12, 2026 - 15:00

Categories: Cybersecurity, Security Preparedness

Summary: Forescout Research – Vedere Labs recently released its “2025 Threat Roundup” report, which analyzed threat actor intelligence collected throughout the year, including over 900 million attacks. The report highlights growth in the volume, sophistication, and global distribution of cyber attacks, along with increasing abuse of cloud infrastructure and expanding exploitation across IT, IoT, and OT environments. Notably, while the number of threat actors and state-sponsored groups remained relatively similar, threat actors conducted nearly six times more incidents than in the previous report.

Additionally, the report notes an 84% surge in attacks leveraging OT protocols, with Modbus accounting for 57% of observed OT exploitation, followed by EtherNet/IP (22%) and BACnet (8%). IoT exploitation rose 19%, frequently targeting IP cameras and network video recorders.

Analyst Note: Members are encouraged to review the report, which includes key findings related to OT/ICS infrastructure and, in its recommended mitigations section, offers strategic recommendations for improved defense in 2026. The report indicates the importance of comprehensive visibility across all asset types, including legacy OT, IoT devices such as cameras and environmental sensors, and externally facing web applications. Members can validate that unnecessary services are disabled, default credentials are removed, and multifactor authentication is enforced for remote access and administrative interfaces. Network segmentation between IT and OT environments, combined with strict access control lists that limit exposure of sensitive protocols, can significantly reduce lateral movement risk.

Original Source: https://www.forescout.com/research-labs/2025-threat-roundup/

Additional Reading:

  • 2025 Threat Report: Exploitation Grows Across IT, IoT, and OT

Related WaterISAC PIRs: 6-12
