threat-analysis

Threat Actors Targeting Edge Devices – Edge Device Security

August 27, 2024

Edge Device Security News: DeepSeas cyber defenders are seeing reports of increased attacks against edge devices by threat actors. There are several ways criminals have targeted edge devices, and organizations are reporting incidents related to third parties.

A summary of the situation is outlined below. This summary of AI risks was written by a valued member of the DeepSeas Cyber Threat Intel crew.

Situational Summary – Edge Device Security 

• Exploitation of vulnerabilities: Threat actors, including ransomware groups and state-sponsored actors, are exploiting vulnerabilities on edge devices, remote services, and other components exposed at the network edge. They target both known vulnerabilities and zero-day exploits, making it crucial for organizations to have a plan to protect these devices. 

• Incomplete patches and workarounds: Evidence suggests that incomplete patches and workarounds have allowed for bypassed mitigations on edge devices. This can lead to vulnerabilities surviving reboots and firmware upgrades, providing persistent access to threat actors. 

• Limited monitoring and detection: Edge devices often lack detailed logs and are not easily examined or monitored by network administrators. This makes it challenging to detect signs of attack and verify the security of these devices. 

• Increase in attacks: The prevalence of large-scale attacks exploiting network devices, including edge devices, has nearly doubled in recent years. These attacks are fueled by an abundance of vulnerabilities, with 60% of exploited vulnerabilities being zero-day exploits.

• Popular targets: Edge devices, such as firewalls, VPN gateways, and email gateways, are commonly targeted by threat actors due to their role in securing networks and their internet accessibility. 

Implications and Recommendations for Securing Edge Devices 

• Priority of device security: Edge devices should be considered critical assets, and their security should be a top priority for organizations. Regularly updating software through patch management is essential to protect against known vulnerabilities. 
• Enhanced monitoring and detection: Organizations should invest in security incident and event management tools to monitor edge devices for signs of attack. Implementing authentication controls, multi-factor authentication, and intrusion detection AI can help improve monitoring capabilities. 
• Assume breach principle: Organizations should adopt the “assume breach” principle, acknowledging that a successful digital attack has already occurred or will soon occur. This mindset prompts proactive measures in segmentation, detection, incident response planning, and forensic readiness. 
• Isolation of management interfaces: All management interfaces of edge devices should be on isolated networks to prevent unauthorized access and reduce the risk of data breaches caused by human error. 
• Timely patching: Organizations should prioritize patching vulnerabilities on edge devices promptly to minimize the window of opportunity for threat actors. 

 

We invite you to schedule time with members of our DeepSeas crew who can guide your organization’s safe utilization of edge devices.