# Ransomware is Up, Zero-Days are Booming, and Your IP Camera Might Be Next

The world of cybersecurity is facing a new reality. According to Forescout's 2025H1 Threat Review, the number of advanced threats is on the rise, with zero-day exploits increasing by 46% and ransomware attacks averaging 20 per day. This trend is expected to continue, with non-traditional equipment like edge devices, IP cameras, and BSD servers becoming increasingly targeted.

The report, which analyzed over 23,000 vulnerabilities and 885 threat actors across 159 countries, reveals that adversaries are finding new ways to gain access to networks through overlooked and unconventional corners. This is a wake-up call for organizations and individuals alike, as the lines between hacktivist operations and state-sponsored actors continue to blur.

"We're seeing attackers gain initial access through overlooked IoT devices or infostealers, then use lateral movement to pivot across IT, OT, and IoT environments," said Sai Molige, Senior Manager of Threat Hunting at Forescout. "Our ValleyRAT hunt, which uncovered the Chinese threat actor Silver Fox targeting healthcare systems, is a prime example. These attackers exploit blind spots to quietly escalate access."

The impact of these attacks is severe, with healthcare being under siege and averaging two breaches per day. This is not just a matter of data theft or disruption; it's about the safety and security of critical infrastructure.

"From hospitals to medical devices to critical infrastructure, it is all being targeted through zero-day exploits, unconventional entry points, and nation-backed hacktivism," said Barry Mainz, CEO of Forescout. "You can't defend critical infrastructure with yesterday's tools. Security must be continuous, proactive, and device-agnostic."

The rise of ransomware is also a significant concern, with a 36% increase in documented attacks year over year. This trend is expected to continue, with new variants and attack methods emerging all the time.

"Hacktivist operations are no longer just symbolic or isolated," said Daniel dos Santos, Head of Research at Forescout. "They're evolving into coordinated campaigns targeting critical infrastructure with real-world consequences." The Iranian-aligned groups are a prime example of this shift towards more aggressive and state-influenced disruption tactics.

The threat landscape is becoming increasingly complex, but there are steps that can be taken to reduce the risk of an attack. Organizations must prioritize continuous, proactive, and device-agnostic security measures. This includes regular patching and updating of software, implementing robust network segmentation, and using advanced threat detection tools.

"The only way to stay ahead of these threats is to adopt a proactive and defensive mindset," said Barry Mainz. "Cybersecurity must be an integral part of your overall risk management strategy, not just a separate silo." By taking these steps, organizations can reduce their exposure to ransomware and other advanced threats.