FTI A.I CyberSecurity Scoring
FTI
Company Information
Website:http://www.forescout.com
Employees number:1,317
Number of followers:70,260
NAICS:541514
Industry Type:Computer and Network Security
Homepage:forescout.com
FTI Risk Score (AI oriented)
Between 750 and 799
FTIComputer and Network Security
Updated:
01/05/2026
01/05/2026
758/1000
Fair
Baa
FTI Global Score (TPRM)
xxxx
FTIComputer and Network Security
Score locked

FTIFair
Current Score
758Baa (FAIR)
01000
1 incidents
-1 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
759
JUNE 2026
759
MAY 2026
758
APRIL 2026
758
MARCH 2026
758
FEBRUARY 2026
759
Vulnerability
01 Feb 2026 • FTI
Forescout Technologies: Forescout finds 3.4 million RDP and VNC servers exposed, raising risks to OT and enterprise networks
Millions of RDP and VNC Servers Exposed, Heightening Cybersecurity Risks to Critical Infrastructure
758
CRITICAL-1
FOR1777631221
Millions of RDP and VNC Servers Exposed, Heightening Cybersecurity Risks to Critical Infrastructure
New research from Forescout Technologies’ Vedere Labs reveals a staggering 1.8 million Remote Desktop Protocol (RDP) and 1.6 million Virtual Network Computing (VNC) servers exposed to the internet, creating significant security vulnerabilities across industrial and enterprise environments. China leads in exposure, accounting for 22% of RDP and 70% of VNC servers, followed by the U.S. (20% RDP, 7% VNC) and Germany (8% RDP, 2% VNC).
Industry analysis shows retail, services, and education sectors dominate RDP exposure, while education, services, and healthcare lead in VNC exposure. Manufacturing, transportation, and utilities are also heavily impacted. Many exposed systems run outdated software 18% of RDP servers use end-of-life Windows versions, and 42% rely on Windows 10, which no longer receives security updates. Additionally, over 19,000 RDP servers remain vulnerable to the critical BlueKeep flaw, and nearly 60,000 VNC servers have authentication disabled, including 670 directly linked to operational technology (OT) and industrial control systems (ICS).
Threat activity is escalating, with hacktivist groups actively sharing tools to identify and exploit vulnerable systems. The REDHEBERG botnet has infected nearly 40,000 exposed VNC assets since February. Since Russia’s invasion of Ukraine in 2022 and the Middle East conflict escalation in early 2026, hacktivist attacks on critical infrastructure have surged. Pro-Russian groups like Cyber Army of Russia Reborn (CARR), NoName057(16), Z-Pentest, and Sector16 have targeted exposed VNC servers, using brute-force attacks and custom tools to gain access. One such tool, the TRK25 ADVANCED SCADA scanner, probes RDP, VNC, and OT-specific protocols like Modbus and OPC, capturing screenshots of compromised systems. Recent incidents include a claimed breach of an Israeli groundwater pumping station and the sale of access to a Czech SCADA system.
The risks are compounded by insecure remote access practices in industrial environments. Traditional methods like VPNs and jump hosts often rely on shared credentials and lack granular control, while undocumented access pathways created by OEMs, contractors, or ad hoc connections operate without oversight. Legacy protocols, designed without remote connectivity in mind, further increase vulnerability to misconfigurations and unauthorized access. Limited session visibility exacerbates the problem, as organizations struggle to track who accesses critical systems and what actions they take.
Forescout’s research underscores that secure remote access (SRA) in cyber-physical systems (CPS) requires a fundamental shift treating access as a controlled operational workflow rather than a simple network connection. Modern SRA solutions isolate sessions, rendering them as secure, browser-delivered streams to minimize exposure of fragile protocols. However, many organizations remain complacent, treating long-standing remote connections as "trusted" despite their inherent risks. As Mandolini of Forescout noted, these unsecured pathways often overlooked in favor of more complex threat scenarios frequently appear in breach reports under labels like "unauthorized access" or "compromised credentials." The findings highlight an urgent need for improved governance and visibility in remote access management to prevent exploitation of these persistent security gaps.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
JANUARY 2026
759
DECEMBER 2025
759
NOVEMBER 2025
759
OCTOBER 2025
759
SEPTEMBER 2025
759
AUGUST 2025
759
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for FTI ??
What was FTI's A.I Rankiteo Cyber Score in June 2026 ??
What was FTI's A.I Rankiteo Cyber Score in May 2026 ??
What was FTI's A.I Rankiteo Cyber Score in April 2026 ??
What was FTI's A.I Rankiteo Cyber Score in March 2026 ??
What was FTI's A.I Rankiteo Cyber Score in February 2026 ??
What was FTI's A.I Rankiteo Cyber Score in January 2026 ??
What was FTI's A.I Rankiteo Cyber Score in December 2025 ??
What was FTI's A.I Rankiteo Cyber Score in November 2025 ??
What was FTI's A.I Rankiteo Cyber Score in October 2025 ??
What was FTI's A.I Rankiteo Cyber Score in September 2025 ??
What was FTI's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on FTI's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with FTI ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view FTI's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?