Organizations Urged to Replace Discontinued Edge Devices

Organizations Urged to Replace Discontinued Edge Devices

Briefly

"Edge devices include firewalls, IoT, load balancers, network security appliances, routers, switches, wireless access points, and other software and hardware appliances that route network traffic. Edge devices that have reached end-of-support (EOS) status and no longer receive security updates pose a significant risk to federal networks and enterprise environments, as they are often targeted by state-sponsored threat actors for network access, persistence, and data theft, the US says."

""Nation-state threat actors can exploit these devices as entry points to access modern, supported environments, placing organizations' data, services, and overall security at serious risk. EOS devices may also cause compatibility issues that disrupt productivity," CISA, the FBI, and UK's NCSC note in a fresh alert ( PDF). Organizations are advised to proactively monitor networks for discontinued edge devices and replace them to improve their security posture, the government agencies say."

"On Thursday, CISA issued Binding Operational Directive 26-02: Mitigating Risk From End-of-Support Edge Devices, urging federal agencies to act immediately and address the risks posed by edge devices that are no longer maintained. "CISA is aware of widespread exploitation campaigns by advanced threat actors targeting EOS edge devices. Recent public reports of campaigns targeting certain vendors highlight actors' attempts to use these devices as a means to pivot into FCEB information system networks," CISA notes."