As edge devices continue to be the target of malicious attacks, security experts have found an increase in brute-force attempts, according to a new white paper released by the Cyber Threat Alliance (CTA).
Based on a compilation of research from several contributors, the white paper notes that CTA members have seen “a quiet but growing threat to edge devices since 2016. These devices are deployed at the boundaries between interconnected networks. The resulting impact of these devices – such as routers, switches and firewalls – on an enterprise and to the connected digital ecosystem can be significant.”
Edge devices are used not only to develop infrastructure for future attacks but also to monitor traffic, to establish persistent access, to target networks or systems in order to steal data, and even to carry out offensive cyber-attacks that deny, degrade, disrupt, or destroy, according to an April 30 CTA blog post.
What’s concerning, according to CTA members, is that while attacks against edge devices continue to increase, basic protections for these devices are not keeping pace.
“This is often due to a lack of built-in security and a 'set it and forget it' mentality by owners. This report describes the security challenges for edge devices and highlights five case studies to illustrate how attackers have taken advantage of weaknesses in the systems themselves and poor security practices common to the use of edge devices,” the blog said.
According to research from Sophos, which was contributed to the white paper, “most of the attacks we saw involved a simple brute-force attempt to pass default or common username/password credentials to a selection of services, including web-based content management systems, the remote access VNC or RDP protocols, remote terminals over telnet or SSH, Internet telephony adapters, or database servers. But there were several others that sent us down a rabbit hole.”