Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge devices playing a critical role in initial attacks, according to the latest annual threat report by Sophos.

The report highlights the persistent threat of ransomware, which despite a slight year-over-year decline in frequency, has seen an increase in the cost of attacks.

Escalating Vulnerabilities in Network Edge Devices

The report underscores that compromised network edge devices, including firewalls, VPNs, and other remote-access appliances, accounted for a quarter of initial compromises in cases confirmed through telemetry.

These devices often fall victim to misconfigurations or outdated, unpatched software, which cybercriminals exploit with alarming speed.

[Figure: The login screen for a RaccoonStealer Office365-focused credential theft portal]

For instance, within a month of Veeam’s disclosure of CVE-2024-40711 in September 2024, attackers were already exploiting it, combined with VPN access, to infiltrate systems.

Cybercriminals are not just targeting zero-day vulnerabilities but are quick to weaponize known vulnerabilities, even those over a year old.

This tactic was evident in several high-impact cases where vulnerabilities such as those in Citrix NetScaler and VMware ESXi were exploited widely, accounting for nearly 15% of the malware-related intrusions tracked by Sophos Managed Detection and Response (MDR).

Rising Tide of Remote Ransomware and Evolving Tactics

The report also details the growing trend of remote ransomware attacks, which increased by 141% since 2022.

In this method the ransomware runs on a machine outside the reach of the network’s endpoint protection and encrypts files over compromised network shares, so the encryption activity never touches the defended endpoints and evades traditional endpoint defenses.
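As an added illustration (not from the article or the Sophos report), the following Python script scans constructed share-access audit records and flags any source address that rewrites many distinct files over SMB within a short window, which is the footprint a remote-ransomware run leaves on the file server even when the attacking host carries no endpoint agent. The record fields, sample addresses and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WRITE_RIGHTS = {"WriteData", "AppendData"}  # rights that let a client overwrite share contents


def build_sample():
    """Constructed share-access audit records, not real telemetry. The field
    names are a simplification of what Windows Security Event ID 5145 logs
    (source address, share name, relative target name, requested access)."""
    base = datetime(2025, 1, 14, 9, 0, 0)
    recs = []
    # A normal user on a managed workstation touching a handful of documents.
    for i in range(3):
        recs.append({"ts": base + timedelta(seconds=30 * i), "src": "10.0.5.23",
                     "share": r"\\FS01\Finance", "target": rf"q4\report{i}.xlsx",
                     "access": ["ReadData", "WriteData"]})
    # An unmanaged host rewriting 40 distinct files across two shares in two minutes.
    for i in range(40):
        share = r"\\FS01\Finance" if i % 2 else r"\\FS01\HR"
        recs.append({"ts": base + timedelta(seconds=3 * i), "src": "10.0.9.77",
                     "share": share, "target": rf"archive\doc{i}.docx",
                     "access": ["WriteData"]})
    return recs


def flag_remote_encryptors(records, window=timedelta(minutes=5), min_files=20):
    """Map each source address to the largest number of distinct files it wrote
    within any `window`; only sources reaching `min_files` are returned."""
    writes = defaultdict(list)
    for r in records:
        if WRITE_RIGHTS & set(r["access"]):
            writes[r["src"]].append((r["ts"], r["share"] + "\\" + r["target"]))
    flagged = {}
    for src, events in writes.items():
        events.sort()
        left = 0
        for i, (ts, _) in enumerate(events):
            while events[left][0] < ts - window:  # slide the window forward
                left += 1
            distinct = len({p for _, p in events[left:i + 1]})
            if distinct >= min_files:
                flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, n in flag_remote_encryptors(build_sample()).items():
        print(f"{src}: {n} distinct files written over SMB in 5 min")
```

In production the same logic would read the real 5145 events from the file server, and a hit on a source address that has no endpoint agent is the remote-ransomware case the report describes.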

Cyber attackers are also adapting their strategies to include social engineering through Microsoft Teams vishing, where attackers use email bombing and fake technical support calls to gain initial access.

[Figure: Frag ransomware note associated with a STAC5881 attack]

Moreover, the misuse of generative AI for crafting convincing phishing emails has been noted, with criminals using AI to bypass traditional content filters by producing personalized and grammatically correct messages.

Despite these evolving tactics, the core challenge for SMBs remains the lifecycle management of their network edge devices.

Old or unpatched systems serve as open doors for cybercriminals. The report stresses the importance of regular updates, patches, and complete lifecycle management of all network-facing technologies to mitigate these risks.

“Digital detritus,” as termed by Sophos CEO Joe Levy, refers to obsolete hardware and software that constitute a growing source of security vulnerabilities.

Sophos emphasizes a defense-in-depth approach, suggesting that SMBs should not only focus on endpoint security but also on securing network perimeters through regular audits, updates, and possibly enlisting external cybersecurity expertise.

In response to these threats, Sophos advises SMBs to consider migrating to passkeys for account security, implement multifactor authentication where passkeys are not feasible, and engage in continuous monitoring through identity threat detection and response strategies.

This holistic approach aims to keep pace with the dynamic threat landscape shaped by cybercriminals’ evolving tactics and tools.
