Thursday, May 8, 2025

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs


Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge devices playing a critical role in initial attacks, according to the latest annual threat report by Sophos.

The report highlights the persistent threat of ransomware, which, despite a slight year-over-year decline in frequency, has seen an increase in the cost of attacks.

Escalating Vulnerabilities in Network Edge Devices

The report underscores that compromised network edge devices, including firewalls, VPNs, and other access devices, were the initial point of compromise in a quarter of the cases confirmed through telemetry.


These devices often fall victim to misconfigurations or outdated, unpatched software, which cybercriminals exploit with alarming speed.

Figure: The login screen for a RaccoonStealer Office365-focused credential theft portal

For instance, within a month of Veeam’s disclosure of a vulnerability (CVE-2024-40711) in September 2024, attackers had developed an exploit and paired it with VPN access to infiltrate systems.

Cybercriminals are not just targeting zero-day vulnerabilities but are quick to weaponize known vulnerabilities, even those over a year old.

This tactic was evident in several high-impact cases where vulnerabilities like those in Citrix NetScaler and VMware ESXi were exploited widely, contributing to nearly 15% of Sophos Managed Detection and Response (MDR) tracked intrusions involving malware.

Rising Tide of Remote Ransomware and Evolving Tactics

The report also details the growing trend of remote ransomware attacks, which have increased by 141% since 2022.

This method involves executing ransomware from outside the network’s endpoint protection, often through compromised network shares, thereby evading traditional endpoint defenses.
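
Because the encrypting host sits outside endpoint protection, the file server hosting the share is where this activity remains visible. The following added example (not from the Sophos report or the original article) flags a client that modifies many distinct files on a share within a short window; the record layout, addresses, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2025, 1, 1, 2, 0, 0)
MODIFYING = {"WRITE", "RENAME", "DELETE"}

def make_sample():
    """Constructed file-share access records: (time, client IP, path, access).
    The field layout is an assumption, not a real log format."""
    events = []
    # Host with no endpoint agent rewriting one file per second over the share
    for i in range(40):
        events.append((BASE + timedelta(seconds=i), "10.0.0.99",
                       f"\\\\fs1\\finance\\doc{i}.xlsx", "WRITE"))
    # Ordinary user: a handful of writes spread across the hour
    for i in range(5):
        events.append((BASE + timedelta(minutes=10 * i), "10.0.0.15",
                       f"\\\\fs1\\hr\\note{i}.docx", "WRITE"))
    # Backup-style reader: many files touched, none modified
    for i in range(40):
        events.append((BASE + timedelta(seconds=i), "10.0.0.20",
                       f"\\\\fs1\\finance\\doc{i}.xlsx", "READ"))
    return sorted(events)

def find_bursts(events, window=timedelta(seconds=60), threshold=30):
    """Return {client_ip: time the threshold was first crossed} for clients
    that modify at least `threshold` distinct files within `window`."""
    recent = defaultdict(deque)  # client IP -> (time, path) inside the window
    flagged = {}
    for ts, ip, path, access in events:
        if access not in MODIFYING:
            continue
        q = recent[ip]
        q.append((ts, path))
        # Drop records that have aged out of the sliding window
        while q and ts - q[0][0] > window:
            q.popleft()
        if ip not in flagged and len({p for _, p in q}) >= threshold:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in find_bursts(make_sample()).items():
        print(f"possible remote encryption from {ip} at {ts}")
```

Counting distinct paths rather than raw events keeps a client that repeatedly saves one file from tripping the rule; the threshold should be tuned against the share's normal write volume.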

Cyber attackers are also adapting their strategies to include social engineering through Microsoft Teams vishing, where attackers use email bombing and fake technical support calls to gain initial access.

Figure: Frag Ransomware note associated with a STAC5881 attack

Moreover, the misuse of generative AI for crafting convincing phishing emails has been noted, with criminals using AI to bypass traditional content filters by producing personalized and grammatically correct messages.

Despite these evolving tactics, the core challenge for SMBs remains the lifecycle management of their network edge devices.

Old or unpatched systems serve as open doors for cybercriminals. The report stresses the importance of regular updates, patches, and complete lifecycle management of all network-facing technologies to mitigate these risks.

“Digital detritus,” as termed by Sophos CEO Joe Levy, refers to obsolete hardware and software that constitute a growing source of security vulnerabilities.

Sophos emphasizes a defense-in-depth approach, suggesting that SMBs should not only focus on endpoint security but also on securing network perimeters through regular audits, updates, and possibly enlisting external cybersecurity expertise.

In response to these threats, Sophos advises SMBs to consider migrating to passkeys for account security, implement multifactor authentication where passkeys are not feasible, and engage in continuous monitoring through identity threat detection and response strategies.

This holistic approach aims to keep pace with the dynamic threat landscape shaped by cybercriminals’ evolving tactics and tools.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
