Edge Device Exploitation:
The accelerating timeline
Previous generations of attackers focused on gaining network access through endpoints like workstations and servers, using phishing emails, stolen credentials, or the installation of back doors. But as organizations and vendors have improved endpoint security, attackers have expanded their repertoire to include an increasing focus on edge devices that may be out of date, unpatched, or otherwise vulnerable.
Exploitation of edge devices is on the rise, as attackers seek new targets.
In Q1 the Beazley Security Labs team observed:
35% increase in ransomware activity on leak sites
About this report
In recent years, the industry has seen a stark change in threat actors’ tools and behaviors, and our teams are constantly adapting as these tactics evolve.
Alton Kizziah
CEO, Beazley Security
As soon as a new exposure is made public, large numbers of threat actors will mobilize to exploit it. Finding potentially vulnerable devices is easy with simple scanning tools, and testing to see if they’ve been patched is a straightforward process. We have seen the time to exploit a published vulnerability shrink to as little as 8 hours. This makes it a numbers game for threat actors – and the numbers are in the attacker’s favor.
Faster exploitation of newly released vulnerabilities has elevated edge device concerns.
When assessing risk, you need to identify whether the exploit is applicable to your organization.
This starts with determining whether the interface is visible from the Internet and exploitable in your environment. But even if a vulnerability is not exploitable in your environment now, it’s not a guarantee. Suppliers continually enhance their products by adding features and updating software, which can lead to new vulnerabilities. A robust vulnerability management and patching process is a must.
General best practices for preventing stolen credential exploitation that every organization should follow include identity and access management (IAM), credential security, and endpoint and network security. There are also best practices specific to certain industries, including financial services, healthcare, manufacturing, and technology.
Organizations can’t solely rely on one security control – a defense in depth strategy is essential to protect the environment as a whole.
The ability to share these experiences proactively with clients is key to the Beazley Security value proposition. This is why I’m so excited to introduce our new Cyber Risk | In Focus series. Part explainer, part analysis, and part data resource, these reports are designed to dig deep into emerging trends as they’re unfolding and help you make informed decisions about your cyber defenses.
Let’s dive in. Read on to learn what edge device exploitation could mean for your businesses and what you can do preemptively to protect your environment.
Cyber Risk | In Focus
Introduction
Edge Device Exploitation: A Threat to Watch
Putting the Risks in Context: Case Studies & Data
What CISOs Should Know: Best Practices and Technical Solutions
To Learn More
We see more than 5,000 incidents per year, giving us unique insight into the changing risk environment.
What our experts have to say
56% of ransomware deployments were caused by compromised VPN credentials
22% rise in actively exploited vulnerabilities