
Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge devices playing a critical role in initial attacks, according to the latest annual threat report by Sophos.

The report highlights the persistent threat of ransomware which, despite a slight year-over-year decline in frequency, has become more costly per attack.

Escalating Vulnerabilities in Network Edge Devices

The report underscores that compromised network edge devices, including firewalls, VPNs, and other remote-access appliances, accounted for a quarter of initial compromises in the cases Sophos confirmed through its telemetry.

These devices often fall victim to misconfigurations or outdated, unpatched software, which cybercriminals exploit with alarming speed.

[Figure: The login screen for a RaccoonStealer Office365-focused credential theft portal]

For instance, within a month of Veeam’s vulnerability disclosure (CVE-2024-40711) in September 2024, attackers were pairing an exploit for it with VPN access to break into victim environments.

Cybercriminals are not just targeting zero-day vulnerabilities but are quick to weaponize known vulnerabilities, even those over a year old.

This tactic was evident in several high-impact cases where vulnerabilities like those in Citrix NetScaler and VMware ESXi were exploited widely, contributing to nearly 15% of Sophos Managed Detection and Response (MDR) tracked intrusions involving malware.

Rising Tide of Remote Ransomware and Evolving Tactics

The report also details the growing trend of remote ransomware attacks, which increased by 141% since 2022.

In this method the encryption runs on a device that sits outside the reach of endpoint protection, typically an unmanaged or compromised host that encrypts files over network shares it has gained access to, so the activity never executes on the protected endpoints and evades traditional endpoint defenses.
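Because the encrypting host is outside endpoint protection, the file server's audit trail is often the only place remote ransomware is visible. The following is an added example, not code from Sophos or the report, of detection logic over a constructed file-server audit log: it flags a single remote client that touches an unusual number of distinct files inside a short window, and a client whose renames overwhelmingly land on one new extension. The share paths, client addresses, user names, thresholds and the `.locked` extension are all constructed placeholders.

```python
"""Flag remote-ransomware-style bursts in file-server audit events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window per client
BURST_THRESHOLD = 20             # distinct files touched by one client inside WINDOW
RENAME_SHARE = 0.8               # fraction of renames ending in the same new extension
MIN_RENAMES = 10                 # ignore clients with only a handful of renames


def parse_ts(ts):
    return datetime.fromisoformat(ts)


def detect_remote_ransomware(events, window=WINDOW, burst_threshold=BURST_THRESHOLD):
    """Return {client_ip: [alert, ...]} for clients that look like remote encryptors.

    events: iterable of (iso_timestamp, client_ip, user, op, path, new_path);
    op is 'write', 'rename' or 'delete'; new_path is set only for renames.
    """
    events = sorted(events, key=lambda e: parse_ts(e[0]))
    recent = defaultdict(deque)                          # client -> deque of (time, path)
    renamed_ext = defaultdict(lambda: defaultdict(int))  # client -> new extension -> count
    alerts = defaultdict(list)
    flagged_burst = set()

    for ts, client, user, op, path, new_path in events:
        t = parse_ts(ts)
        q = recent[client]
        q.append((t, path))
        while q and t - q[0][0] > window:       # drop events outside the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= burst_threshold and client not in flagged_burst:
            flagged_burst.add(client)
            alerts[client].append(
                f"{user}@{client}: {len(distinct)} files modified within "
                f"{int(window.total_seconds())}s"
            )
        if op == "rename" and new_path:
            ext = new_path.rsplit(".", 1)[-1].lower() if "." in new_path else ""
            renamed_ext[client][ext] += 1

    # A mass rename to one new extension is the classic on-share encryption footprint.
    for client, exts in renamed_ext.items():
        total = sum(exts.values())
        ext, n = max(exts.items(), key=lambda kv: kv[1])
        if total >= MIN_RENAMES and n / total >= RENAME_SHARE:
            alerts[client].append(f"{client}: {n}/{total} renames to .{ext}")
    return dict(alerts)


def build_sample_events():
    """Constructed audit trail: routine saves by one user, then a burst from an
    unmanaged host renaming every document on the share to a constructed extension."""
    base = datetime(2025, 5, 20, 9, 0, 0)
    events = []
    for i in range(5):   # benign: a few spreadsheets saved over an hour
        t = base + timedelta(minutes=10 * i)
        events.append((t.isoformat(), "10.0.0.5", "alice", "write",
                       f"\\\\fs01\\finance\\report{i}.xlsx", None))
    for i in range(30):  # burst: 30 renames in ~45 seconds from a single remote host
        t = base + timedelta(minutes=30, seconds=1.5 * i)
        src = f"\\\\fs01\\finance\\doc{i}.docx"
        events.append((t.isoformat(), "192.168.1.77", "svc_backup", "rename",
                       src, src + ".locked"))
    return events


if __name__ == "__main__":
    for client, found in detect_remote_ransomware(build_sample_events()).items():
        for line in found:
            print("ALERT", line)
```

The thresholds are deliberately conservative starting points; on a real file server they should be tuned against a baseline of normal activity per share, and the client address should be cross-checked against the endpoint inventory, since the whole point of the technique is that the encrypting host is one the endpoint agent cannot see.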

Attackers are also folding social engineering into their playbooks, notably vishing over Microsoft Teams, in which they flood a target with email and then pose as technical support on a call to obtain initial access.

[Figure: Frag ransomware note associated with a STAC5881 attack]

Moreover, the misuse of generative AI for crafting convincing phishing emails has been noted, with criminals using AI to bypass traditional content filters by producing personalized and grammatically correct messages.

Despite these evolving tactics, the core challenge for SMBs remains the lifecycle management of their network edge devices.

Old or unpatched systems serve as open doors for cybercriminals. The report stresses the importance of regular updates, patches, and complete lifecycle management of all network-facing technologies to mitigate these risks.

“Digital detritus,” as termed by Sophos CEO Joe Levy, refers to obsolete hardware and software that constitute a growing source of security vulnerabilities.
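The lifecycle problem is concrete enough to script. What follows is an added example, not code from Sophos or the report, of a small audit over a constructed network-edge inventory: each device is checked against its vendor end-of-life date, against the lowest firmware version the operator has recorded as patched, and for a management interface reachable from the internet. Device names, versions, dates and the `min_patched` baselines are constructed placeholders, not real vendor data.

```python
"""Flag 'digital detritus' in a network-edge device inventory (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


def parse_version(v):
    """'7.0.12' -> (7, 0, 12); tolerant of trailing tags such as '7.0.12-hotfix'."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


@dataclass
class EdgeDevice:
    name: str
    role: str                  # firewall, vpn, backup, hypervisor ...
    firmware: str              # version currently running
    min_patched: Optional[str] # lowest version the operator considers fixed (constructed)
    eol: Optional[date]        # vendor end-of-life date, if known
    mgmt_exposed: bool         # management interface reachable from the internet


def audit_inventory(devices, today):
    """Return {device_name: [issue, ...]} for every device with a lifecycle problem."""
    findings = {}
    for d in devices:
        issues = []
        if d.eol and d.eol < today:
            issues.append(f"end-of-life since {d.eol.isoformat()}")
        if d.min_patched and parse_version(d.firmware) < parse_version(d.min_patched):
            issues.append(f"firmware {d.firmware} below patched baseline {d.min_patched}")
        if d.mgmt_exposed:
            issues.append("management interface exposed to the internet")
        if issues:
            findings[d.name] = issues
    return findings


def sample_inventory():
    """Constructed inventory: one healthy firewall and three kinds of detritus."""
    return [
        EdgeDevice("fw-edge-01", "firewall", "7.2.3", "7.2.1", date(2028, 1, 1), False),
        EdgeDevice("vpn-legacy", "vpn", "5.6.9", "6.0.0", date(2023, 6, 30), True),
        EdgeDevice("backup-01", "backup", "12.1.0", "12.2.0", None, False),
        EdgeDevice("esx-old", "hypervisor", "6.7.0", "7.0.3", date(2022, 10, 15), False),
    ]


if __name__ == "__main__":
    for name, issues in audit_inventory(sample_inventory(), date(2025, 5, 20)).items():
        print(name)
        for issue in issues:
            print("  -", issue)
```

The value of a check like this lies in the inventory behind it: the `min_patched` baseline has to be maintained from vendor advisories as they are published, and the `mgmt_exposed` flag should come from an external scan rather than from what the configuration claims, since the report's point is precisely that forgotten devices drift away from what the organisation believes it has.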

Sophos emphasizes a defense-in-depth approach, suggesting that SMBs should not only focus on endpoint security but also on securing network perimeters through regular audits, updates, and possibly enlisting external cybersecurity expertise.

In response to these threats, Sophos advises SMBs to consider migrating to passkeys for account security, implement multifactor authentication where passkeys are not feasible, and engage in continuous monitoring through identity threat detection and response strategies.

This holistic approach aims to keep pace with the dynamic threat landscape shaped by cybercriminals’ evolving tactics and tools.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
