Ransomware gangs infiltrating through vulnerable Perimeter Security Appliances

Cybersecurity Insiders

Manufacturers of perimeter security appliances, including CCTV systems, firewalls, radar systems, access control devices, motion sensors, and similar products, have shown a troubling lack of attention to incorporating robust security features. This gap in protection leaves these products vulnerable, which in turn contributes to an increase in ransomware attacks.

A key report highlighting this issue was released by Coalition, a U.S.-based insurance firm, in its latest annual threat report. The report was compiled using data collected throughout 2024, and it revealed alarming statistics. According to Coalition, about 58% of the claims it handled in 2024 were linked to security compromises stemming from vulnerabilities in perimeter security appliances. Notably, well-established names in the industry such as Fortinet, Cisco, Microsoft, Palo Alto Networks, and SonicWall were among the most affected.

The primary cause behind these vulnerabilities was traced to a few common mistakes. One of the most damaging factors was the widespread use of default logins, followed by exposed credentials for remote management solutions and login panels. These weak points were found to be prime targets for cybercriminals looking to exploit the system.

A prominent example of such an attack occurred in February 2024, when the notorious BlackCat ransomware group, also known as ALPHV, infiltrated the network of Change Healthcare. They used a Citrix Remote panel to access authentication data, which ultimately led to a ransomware attack that compromised the organization.

The responsibility for securing these devices doesn’t solely lie with the manufacturers. While it is crucial for them to enforce stronger security features such as Multi-Factor Authentication (MFA), encryption, and other protective measures, the role of users is equally important. Users must take basic but vital steps in cyber hygiene, such as changing default passwords and ensuring that their credentials are long, complex, and include a mix of alphanumeric characters and special symbols.

Cybercriminals are always on the lookout for vulnerable devices to exploit and use them as bots to launch attacks on broader networks. To protect themselves from such threats, users of perimeter security appliances must prioritize their cybersecurity practices. This includes adhering to basic security hygiene standards, keeping their systems up to date, and proactively ensuring that their devices are secure.

By combining efforts from both manufacturers and users, the risks of cyberattacks on perimeter security devices can be significantly reduced, making the digital landscape safer for everyone.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
