
Mandiant’s M-Trends 2025: Edge Devices Are Now Prime Targets

Key Takeaways from Mandiant’s M-Trends 2025

There’s a certain irony that’s hard to ignore in Mandiant’s latest M-Trends report:
The devices built to protect networks—VPNs, firewalls, routers—were at the heart of one-third of all cyberattacks last year.

These edge devices, essential for defense, have become prime targets. Why? Their design often limits advanced security monitoring, making them attractive entry points for attackers. And the timing? Brutal. Three of the four most-exploited vulnerabilities were zero-days, struck before patches could close the door.


Why edge devices?

Edge devices play a vital role in defending the perimeter, but that role comes with trade-offs. They’re often lightweight and optimized for performance, not for running complex security tools like endpoint detection and response (EDR). As a result, when attackers breach these devices, they frequently do so undetected—slipping past the radar of many organizations.

Mandiant’s report highlighted that three of the four top exploited vulnerabilities in 2024 were zero-days—discovered and leveraged by attackers before patches were available. The targets? Critical devices at the edge of networks.

  • Palo Alto Networks GlobalProtect (CVE-2024-3400) was the most exploited vulnerability, used by both state-backed groups and ransomware affiliates.
  • Ivanti Connect Secure VPN (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) was repeatedly targeted, with Chinese espionage groups among the early adopters.
  • Fortinet FortiClient EMS (CVE-2023-48788) was used in both ransomware campaigns and data theft.

What makes these vulnerabilities so dangerous is not just their location, but the speed at which attackers move. Mandiant observed over a dozen threat groups exploiting one zero-day within two weeks of its disclosure. The window to respond is narrowing.

What this means for risk management

It’s a reminder that perimeter defenses alone aren’t enough. Visibility into exposures—before they’re exploited—makes all the difference.

At Centraleyes, external scanning is part of the process. It identifies these potential weak points and helps organizations understand their true risk posture—so decisions aren’t made in the dark.


The post Mandiant’s M-Trends 2025: Edge Devices Are Now Prime Targets appeared first on Centraleyes.

*** This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/mandiants-m-trends-2025-edge-devices-are-now-prime-targets/