Cyber Security News

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge devices playing a critical role in initial attacks, according to the latest annual threat report by Sophos.

The report highlights the persistent threat of ransomware which, despite a slight year-over-year decline in frequency, has become more costly per attack.

Escalating Vulnerabilities in Network Edge Devices

The report underscores that compromised network edge devices, including firewalls, VPNs, and other remote-access appliances, accounted for a quarter of initial compromises in the cases Sophos confirmed through its telemetry.

These devices are often misconfigured or run outdated, unpatched software, which cybercriminals exploit with alarming speed.

The login screen for a RaccoonStealer Office365-focused credential theft portal

For instance, within a month of Veeam’s disclosure of CVE-2024-40711 in September 2024, attackers were already exploiting it in combination with compromised VPN access to infiltrate systems.

Cybercriminals are not just targeting zero-day vulnerabilities but are quick to weaponize known vulnerabilities, even those over a year old.

This tactic was evident in several high-impact cases in which vulnerabilities in products such as Citrix NetScaler and VMware ESXi were exploited widely; exploitation of known vulnerabilities featured in nearly 15% of the malware-related intrusions tracked by Sophos Managed Detection and Response (MDR).

Rising Tide of Remote Ransomware and Evolving Tactics

The report also details the growing trend of remote ransomware attacks, which increased by 141% since 2022.

In this method the ransomware runs on an unmanaged or already-compromised machine that sits outside the reach of the organisation’s endpoint protection, and it encrypts files on other machines over compromised network shares. The endpoint agent on the victim file server sees only file writes arriving from a remote host rather than a malicious local process, which is how traditional endpoint defenses are evaded.
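Because the encrypting process never runs on the protected host, the remaining signal is the pattern of writes arriving over SMB: one remote client touching many files in a short window and leaving an encrypted twin ("name.ext" followed by "name.ext.&lt;newext&gt;") beside each one. The following script is an added example, not code from Sophos or from the article; it runs a sliding-window detector over constructed file-share audit lines. The line layout (timestamp, client IP, account, access type, share path), the hypothetical attacker host 10.20.5.17 and the hypothetical ".locked" extension are assumptions of this example; real Windows event ID 5145 records carry the same information in more fields.

```python
"""Detect remote (SMB share) encryption from file-share audit records.

Added example, not code from Sophos or the article. The audit lines are
constructed here to resemble a simplified file-share audit export; the field
layout is an assumption of this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # look-back per client
FILE_THRESHOLD = 20             # distinct files written by one client within WINDOW
TWIN_RATIO = 0.4                # share of written paths that are "<existing path>.<newext>"


def build_sample_events():
    """Constructed audit lines: one remote host mass-encrypting a share, one user saving a few files."""
    lines = []
    t0 = datetime(2025, 3, 4, 2, 10, 0)
    # Hypothetical attacker host 10.20.5.17: for each document, write the original, then a ".locked" twin
    for i in range(25):
        ts = (t0 + timedelta(seconds=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        base = f"\\\\FS01\\Finance\\q1\\doc{i:02d}.xlsx"
        lines.append(f"{ts} 10.20.5.17 CORP\\jsmith WriteData {base}")
        lines.append(f"{ts} 10.20.5.17 CORP\\jsmith WriteData {base}.locked")
    # Benign host 10.20.7.3: a user saving three files over the same minute
    for i, name in enumerate(["budget.xlsx", "notes.docx", "plan.pptx"]):
        ts = (t0 + timedelta(seconds=10 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} 10.20.7.3 CORP\\amiller WriteData \\\\FS01\\Finance\\q1\\{name}")
    return lines


def parse_event(line):
    """Split one audit line into its fields (share paths contain no spaces in this format)."""
    ts, ip, account, access, path = line.split(maxsplit=4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip, "account": account, "access": access, "path": path}


def detect_remote_encryption(lines, window=WINDOW, file_threshold=FILE_THRESHOLD, twin_ratio=TWIN_RATIO):
    """Return one alert per client IP whose burst of writes looks like bulk encryption."""
    writes = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["access"] == "WriteData":
            writes[ev["ip"]].append(ev)

    alerts = []
    for ip, evs in writes.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # advance the window start so that evs[start:end+1] spans at most `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            files = {e["path"] for e in span}
            if len(files) < file_threshold:
                continue
            # a "twin" is a written path equal to another written path plus one more
            # extension: the write-then-rename signature of encrypt-in-place ransomware
            twins = sum(1 for p in files if "." in p and p.rsplit(".", 1)[0] in files)
            if twins / len(files) >= twin_ratio:
                alerts.append({"ip": ip,
                               "accounts": sorted({e["account"] for e in span}),
                               "files": len(files), "twins": twins,
                               "first": span[0]["ts"], "last": span[-1]["ts"]})
                break  # one alert per client; the next step is to block that client
    return alerts


if __name__ == "__main__":
    for a in detect_remote_encryption(build_sample_events()):
        print(f"ALERT remote-encryption client={a['ip']} files={a['files']} twins={a['twins']} "
              f"accounts={a['accounts']} {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}")
```

The detector keys on the client IP rather than the account, because in a remote-ransomware case the account is usually a legitimate user whose credentials were stolen; blocking the originating host at the file server or firewall is the useful containment action, and the account list in the alert tells you which credentials to rotate.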

Cyber attackers are also adapting their strategies to include social engineering via Microsoft Teams vishing, in which attackers flood a target’s inbox with email (email bombing) and then pose as technical support on a Teams call to gain initial access.

Frag Ransomware note associated with a STAC5881 attack

Moreover, the misuse of generative AI for crafting convincing phishing emails has been noted, with criminals using AI to bypass traditional content filters by producing personalized and grammatically correct messages.

Despite these evolving tactics, the core challenge for SMBs remains the lifecycle management of their network edge devices.

Old or unpatched systems serve as open doors for cybercriminals. The report stresses the importance of regular updates, patches, and complete lifecycle management of all network-facing technologies to mitigate these risks.
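Lifecycle management of network-facing devices comes down to two checks per device: is the product still supported, and is it running at least the version in which the vendor fixed the known bugs. The script below is an added example, not from the Sophos report; it assesses a constructed inventory against a constructed vendor baseline. All hostnames, product keys, version strings and end-of-life dates are placeholders, not real product data. It also avoids the common mistake of comparing version strings lexically, under which "10.10.2" sorts below "10.9.5".

```python
"""Flag network-facing devices that are end-of-life or below the vendor's fixed version.

Added example, not from the Sophos report. The inventory, baseline versions
and EOL dates are constructed placeholders, not real product data.
"""
import re
from datetime import date

# Constructed inventory: hostname, product key, running version, internet exposure
INVENTORY = [
    {"host": "fw-hq-01",      "product": "fw",      "version": "10.10.2", "internet_facing": True},
    {"host": "vpn-branch-02", "product": "vpn",     "version": "7.2.9",   "internet_facing": True},
    {"host": "vpn-legacy-03", "product": "vpn-old", "version": "5.6.3",   "internet_facing": True},
    {"host": "wlc-01",        "product": "wlc",     "version": "17.3.1",  "internet_facing": False},
    {"host": "nas-01",        "product": "nas",     "version": "4.2.0",   "internet_facing": False},
]

# Constructed vendor baseline: lowest version with all known fixes, and the support end date
BASELINE = {
    "fw":      {"min_version": "10.9.5", "eol": date(2027, 1, 31)},
    "vpn":     {"min_version": "7.2.11", "eol": date(2026, 6, 30)},
    "vpn-old": {"min_version": "5.6.3",  "eol": date(2023, 12, 31)},
    "wlc":     {"min_version": "17.9.4", "eol": date(2028, 3, 31)},
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def parse_version(version):
    """Turn "10.10.2" into (10, 10, 2) so that numeric, not lexical, ordering applies."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def assess(inventory, baseline, today):
    """Return findings for every device that is EOL, below the fixed version, or unknown to the baseline."""
    findings = []
    for dev in inventory:
        base = baseline.get(dev["product"])
        if base is None:
            status = "NO_BASELINE"          # nobody owns this device's lifecycle yet
        elif today > base["eol"]:
            status = "END_OF_LIFE"          # no more vendor fixes will come
        elif parse_version(dev["version"]) < parse_version(base["min_version"]):
            status = "BELOW_FIXED_VERSION"  # a known bug is still present
        else:
            continue                        # supported and patched

        exposed = dev["internet_facing"]
        if status == "NO_BASELINE":
            severity = "high" if exposed else "medium"
        else:
            severity = "critical" if exposed else "high"
        findings.append({"host": dev["host"], "status": status, "severity": severity,
                         "version": dev["version"],
                         "target": None if base is None else base["min_version"]})

    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["host"]))


if __name__ == "__main__":
    for f in assess(INVENTORY, BASELINE, date(2025, 5, 9)):
        print(f"{f['severity']:<8} {f['host']:<14} {f['status']:<20} "
              f"running={f['version']} target={f['target']}")
```

Internet exposure is what turns a patch-lag finding into a critical one, so the exposure flag should come from an external scan of the organisation's address space rather than from the device's own configuration; devices that were forgotten are exactly the ones whose configuration nobody checks.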

“Digital detritus,” as termed by Sophos CEO Joe Levy, refers to obsolete hardware and software that constitute a growing source of security vulnerabilities.

Sophos emphasizes a defense-in-depth approach, suggesting that SMBs should not only focus on endpoint security but also on securing network perimeters through regular audits, updates, and possibly enlisting external cybersecurity expertise.

In response to these threats, Sophos advises SMBs to consider migrating to passkeys for account security, implement multifactor authentication where passkeys are not feasible, and engage in continuous monitoring through identity threat detection and response strategies.

This holistic approach aims to keep pace with the dynamic threat landscape shaped by cybercriminals’ evolving tactics and tools.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
