Edge device vulnerabilities fueled attack sprees in 2024 | CyberScoop<\/title> <meta name=\"description\" content=\"The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/edge-device-vulnerabilities-fuel-attack-sprees\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Edge device vulnerabilities fueled attack sprees in 2024\"> <meta property=\"og:description\" content=\"The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/edge-device-vulnerabilities-fuel-attack-sprees\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-19T12:01:00+00:00\"> <meta property=\"article:modified_time\" content=\"2025-02-18T22:56:21+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1739308213g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=5e4722b3d0055288d011\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83527\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83527\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fedge-device-vulnerabilities-fuel-attack-sprees%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fedge-device-vulnerabilities-fuel-attack-sprees%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83527 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/edge-device-vulnerabilities-fuel-attack-sprees\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.350602409639\">\n<div class=\"single-article__header-content\" readability=\"34.38\">\n<p> The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83527\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg 2121w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"31.586950904393\"><body readability=\"64.23385432026\"><\/p>\n<p>Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an <a href=\"http:\/\/www.darktrace.com\/resources\/annual-threat-report-2024\">annual threat report<\/a> released Wednesday.<\/p>\n<p>Darktrace\u2019s threat researchers found the most frequent vulnerability exploits in customers\u2019 instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo Alto Networks. <\/p>\n<p>Cybersecurity vendors shipped products that ultimately accounted for and became the initial access vector for the majority of the most significant attack campaigns last year, the report shows.<\/p>\n<p>Vendors that supply security hardware and services were responsible for four of the six mostly commonly exploited vulnerabilities observed by Darktrace: a pair of vulnerabilities affecting Ivanti products (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-46805\">CVE-2023-46805<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-21887\">CVE-2024-21887<\/a>); a trio impacting Palo Alto Networks firewalls running PAN-OS (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-3400\">CVE-2024-3400<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-0012\">CVE-2024-0012<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2024-9474\">CVE-2024-9474<\/a>); and a vulnerability affecting Fortinet\u2019s network management tool FortiManager (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-47575\">CVE-2024-47575<\/a>).<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThese devices sit on the edge of your network, and that\u2019s your last sight of visibility and therefore the door to your house,\u201d Nathaniel Jones, VP of threat research at Darktrace, told CyberScoop.<\/p>\n<p>\u201cIf they can get through cybersecurity companies then they\u2019re bypassing the exact detection that companies have provided customers,\u201d Jones said. \u201cYou\u2019re kind of getting underneath the specific thing that\u2019s supposed to be detecting you, and getting access that way.\u201d<\/p>\n<p>Threat groups are increasingly investing more resources to study and reverse engineer network edge devices that are widespread. This shows up in Darktrace\u2019s research, which complements the Cybersecurity and Infrastructure Security Agency\u2019s <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">known exploited vulnerabilities catalog<\/a>, particularly as it relates to repeat offenders \u2014 vendors that commonly appear on the agency\u2019s continuously updated resource of vulnerabilities that threat groups have exploited in the wild.<\/p>\n<p>Nation-state threat groups are most likely responsible for zero-day attacks on network edge devices because they have the resources, but these vulnerabilities have a long shelf life and are routinely targeted by financially motivated threat groups as proof of concepts emerge, Jones said.<\/p>\n<p>\u201cYour time to do patch management and get that closed off is just decreased, so it makes it challenging to manage those CVEs in these specific devices in a very quick timeframe,\u201d Jones said. \u201cIf you\u2019re not on it, or you\u2019re very underresourced and you have other things going on to support the business, then this can be a problem.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Threat actors also target edge devices because they provide greater capabilities to use living-off-the-land techniques and grab a compromised credential or create another credential to gain persistent access and achieve lateral movement across networks.<\/p>\n<p>Forty percent of the malicious activity observed by Darktrace researchers in the first half of last year involved the exploitation of internet-facing devices. Information-stealing malware surged and became the most prominent activity observed by Darktrace in the second half of 2024.<\/p>\n<p>Darktrace\u2019s annual threat intelligence report on active threats in 2024 is based on research it gathered across its fleet of nearly 10,000 customer deployments.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7374476987448\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/edge-device-vulnerabilities-fuel-attack-sprees\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Edge device vulnerabilities fueled attack sprees in 2024 | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,78,3721,2182,917,1394,715,256,288,643,2281],"tags":[286,86,3722,2185,921,1395,720,262,294,645,2283],"class_list":["post-7358","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity","category-darktrace","category-edge-devices","category-fortinet","category-ivanti","category-palo-alto-networks","category-research","category-threats","category-vulnerabilities","category-vulnerability","tag-cybercrime","tag-cybersecurity","tag-darktrace","tag-edge-devices","tag-fortinet","tag-ivanti","tag-palo-alto-networks","tag-research","tag-threats","tag-vulnerabilities","tag-vulnerability"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/darktrace\/\" rel=\"category tag\">Darktrace<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/edge-devices\/\" rel=\"category tag\">edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ivanti\/\" rel=\"category tag\">Ivanti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a>","tag_info":"vulnerability","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7358"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7358\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7358,"date":"2025-02-19T06:01:00","date_gmt":"2025-02-19T12:01:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83527"},"modified":"2025-02-19T06:01:00","modified_gmt":"2025-02-19T12:01:00","slug":"edge-device-vulnerabilities-fueled-attack-sprees-in-2024","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/19\/edge-device-vulnerabilities-fueled-attack-sprees-in-2024\/","title":{"rendered":"Edge device vulnerabilities fueled attack sprees in 2024"},"content":{"rendered":"