Hackers Exploiting Edge Devices: How to Defend Your Organization

The 2025 Verizon Data Breach Investigation Report (DBIR) found a spike in the frequency of hackers exploiting edge devices. For the report, Verizon analyzed 22,052 security incidents, 12,195 of which had confirmed data breaches. The report found 20% of the incidents were caused by an exploitation of vulnerabilities (behind credential abuse at 22% and ahead of phishing at 16%). Out of the exploitation of vulnerability incidents, 22% involved an attack on VPNs or edge devices. That represents an 800% increase from the previous year, when edge device attacks only represented 3% of the exploitation of vulnerability incidents.

Examples of Edge Devices

Edge devices are hardware components that sit at the edge (also commonly referred to as the boundary or perimeter) of a network, close to where data is generated or consumed. They handle data processing, transmission, storage, and routing of data between networks.

Common examples of edge devices include:

• Virtual private network (VPN) gateways
• Firewalls
• Routers
• IoT devices such as thermostats and cameras
• Medical devices
• Point of sale systems
• Servers
• Mobile devices

How Hackers Exploit Edge Devices

Hackers may target edge devices because they are often less protected than central servers and are directly exposed to networks. Here are common vulnerabilities hackers look for when attacking edge devices:

Default passwords: Many edge devices come with factory-set passwords. If users never change the default password, they are exposing themselves to an attack.

Outdated firmware or software: If the device software isn’t updated, attackers may be able to attack vulnerabilities that have been publicized.

Poor network security: Edge devices connected without encryption (like unsecured Wi-Fi) make it easier to intercept or inject malicious data.

Physical access: Since edge devices are often in public or remote places, hackers might tamper with them directly.

Malware infections: Installing malware into an edge device lets bad actors spy, steal data, or turn devices into parts of a botnet, which is a network of private computers infected with malware and controlled as a group without the owners’ knowledge.

Examples of Edge Device Attacks

• In 2023, a hacking campaign dubbed “ArcaneDoor” targeted Cisco Adaptive Security Appliances (ASAs), which serve as firewalls and VPN gateways for government networks worldwide. Attackers exploited two zero-day vulnerabilities, “Line Dancer” and “Line Runner,” to execute malicious code, monitor traffic, and maintain persistent access even after device reboots.
• In 2023, security camera company Ring was fined $5.8 million by the Federal Trade Commission, partly due to security failures. Ring was accused of failing to implement security measures to prevent “credential stuffing” and “brute force” attacks. Hackers gained access to stored videos, live video streams, and account profiles of approximately 55,000 U.S. customers
• Attackers infiltrated a Las Vegas casino’s network by exploiting a smart fish tank thermometer. They accessed the casino’s database of high-dollar customers through this IoT device, demonstrating how unconventional IoT devices can serve as entry points for cyberattacks.
• In 2024, the hacking group CyberAv3ngers, affiliated with Iran’s Revolutionary Guard Corps, launched cyberattacks against industrial control systems globally. They targeted over 100 devices made by the Israeli firm Unitronics, disrupting water services and infiltrating oil and gas systems in the U.S. and Ireland. The group used custom malware, IOControl, to infect devices, enabling covert surveillance and potential future sabotage.

Defending Your Edge Devices

Here are some strategies organizations can leverage to mitigate risk exposure from edge devices:

Communicate with Manufacturers and Vendors

Organizations need to establish lines of communication with the manufacturers of their edge devices. It’s important to know when software and firmware updates are available to patch known vulnerabilities and enhance security features. Subscribe to vendor security notifications and follow hardening guides.

Ask manufacturers about their security processes with questions like: Do you conduct penetration tests on your products? Do you accept, and how do you handle vulnerability reports from customers?

Least Privilege and Access Control

Applications and users should operate with only the permissions they need. Restrict actions based on defined roles or attributes to limit the potential damage if a credential is compromised. Use strong, phishing-resistant multi-factor authentication (MFA) for all administrative device access. Create an alert system for administrative log-ons and changes.

Data Encryption

Sensitive data should be encrypted both when stored on the device and when transmitted across networks. AES is commonly used for encrypting data at rest, while TLS is standard for encrypting data in transit. Key management should be handled securely to prevent unauthorized decryption.

Endpoint Detection and Threat Monitoring

A continuous monitoring program allows for early threat detection and response. Deploy endpoint detection tools to identify suspicious behavior directly on the device. Where resources are limited, telemetry such as logs, network activity, and anomaly reports should be forwarded to the security or IT teams.

Physical Security

Edge devices often operate in remote or unsecured environments, increasing the risk of physical tampering. Port access should be physically blocked or disabled, and tamper-evident seals or internal sensors can detect unauthorized access attempts.

Maintain a Detailed Inventory that Includes Support Timelines

Always be aware of the end-of-life and end-of-service dates for your edge devices. It will likely not be possible to patch vulnerabilities past those dates. Develop a plan for removing and replacing devices before their end-of-life date.

Include Edge Devices in Your Incident Response Plans

Your organization’s incident response plan needs to account for edge devices. Establish procedures for isolating devices with the least possible impact on core operations. Ensure secure remote access is available for containment and investigation. Establish who is responsible for edge devices if an incident occurs.

Establish relationships with multiple vendors to increase the odds of getting the products you need if a cyber incident impacts your supply chain.

CompliancePoint has a suite of cybersecurity services that can help your organization strengthen all aspects of its security program. Contact us at connect@compliancepoint.com to learn more.