- Network edge devices make up nearly 30% of intrusion points
- Ransomware is still the most popular attack type
- End-of-life devices pose a serious risk to security
It won’t come as much of a surprise to learn that cyberattackers are evolving their tactics, and that the number of attacks is growing each year. New research from Sophos shows that these incidents involving network edge devices like routers, VPNs, and firewalls, are becoming a growing point of intrusion – accounting for nearly 30% of initial compromises observed in Sophos’ Annual Threat Report.
Within ransomware and data exfiltration attacks, VPNs were the most popular initial compromise type – making up 25% of events, even higher than compromised credentials, which sits at just over 15% – concerning given that billions of credentials are stolen from businesses around the world every year.
Unsurprisingly, ransomware topped the table for number of incidents, with over 90% of incident response cases for midsize organizations, and 70% of small business cases involving the attack.
Digital detritus
A noticeable trend in cybersecurity is the rise in social engineering attacks, primarily to collect credentials in order to move forward into the targeted organization’s network. This is largely due to AI enabling attackers to send out more sophisticated phishing attacks at a higher rate than ever.
“Over the past several years, attackers have aggressively targeted edge devices. Compounding the issue is the increasing number of end-of-life (EOL) devices found in the wild – a problem Sophos calls digital detritus. Because these devices are exposed to the internet and often low on the patching priority list, they are a highly effective method for infiltrating networks,” said Sean Gallagher, principal threat researcher at Sophos.
Out-of-date tech poses a serious risk to cybersecurity teams, and is costing organizations in operational costs and security risks – making lifecycle management an integral part of cyber defense.
“However, targeting edge devices is part of a larger shift we’re witnessing in which attackers don’t have to deploy custom malware. Instead, they can exploit businesses’ own systems, increasing their agility and hiding in the places security leaders aren’t looking,” Gallagher adds.
Leave a comment