Rapid digitization means that organizations are now more connected than ever. Most organizations now host a combination of interconnected IT, OT, IoT and sometimes IoMT devices in their networks, which has increased their attack surface. Forescout’s data shows that around 24% of connected devices in every organization are no longer traditional IT.

Recently, Gartner® refreshed one of its foundational cybersecurity research, “The 6 Principles of Successful Network Segmentation Strategies.”1 The principles covered in the research are tried and true. Segmenting networks to improve security and performance is nothing new to security teams, yet the same challenges persist year after year.

In our new threat briefing, Forescout’s Vedere Labs details tactics, techniques and procedures (TTPs) commonly adopted by ransomware groups and provides specific mitigation recommendations. In addition to basic cyber hygiene practices, we recommend using Forescout XDR for extended detection and response. Its 1,500+ detection rules cover hundreds of the TTPs most commonly used by ransomware.

In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.

According to a Mandiant survey of 1,350 global business and IT leaders, when trying to secure their networks against cyber threats, nearly all respondents (96%) believe it’s important to understand the threat actors targeting their organizations. That’s hardly a surprise. But then there’s this finding: 79% of respondents say that most of the time, they make decisions about cyberattacks without insights into who could be targeting their organization.