Hackers are taking advantage of router vulnerabilities to launch continuous attacks on enterprise networks

Enterprises are finding themselves in the crosshairs of increasingly sophisticated cyber threats, with attackers now setting their sights on network infrastructure, particularly routers. This shift in focus is in line with the findings of Forescout Research Vedere Labs’ 2025 report on the riskiest connected devices, which points to a growing trend of cyber adversaries targeting routers as their primary entry point for attacks.

The report reveals a significant change in the cybersecurity landscape, with routers overtaking traditional endpoints as the most sought-after target for cyberattacks. This change is driven by the inherent vulnerability of routers located at network perimeters and the presence of high-severity vulnerabilities that are being exploited at an alarming rate through large-scale campaigns.

This year’s report sheds light on a troubling increase in risk, with 12 new device types making their debut on the list of the most vulnerable devices. Among these are Application Delivery Controllers (ADCs), firewalls, and IPMI devices, all of which play crucial roles in network management but are riddled with vulnerabilities, some of which have already been exploited by malicious actors.

Routers, in particular, have emerged as the most vulnerable devices, accounting for over 50% of devices with critical vulnerabilities. This makes them prime targets for exploitation, with cyberattacks often starting at these entry points before spreading throughout the enterprise network. The retail sector has been identified as having the riskiest devices on average, followed closely by financial services, government, healthcare, and manufacturing.

One concerning trend highlighted in the report is the increasing use of legacy Windows versions, especially in government and healthcare sectors, which continues to pose significant risks. Additionally, there has been a surge in the use of unencrypted Telnet over more secure protocols like SSH, particularly within government networks. This shift towards less secure protocol usage is alarming as it exposes devices to a higher risk of unauthorized access.

To address these emerging threats, security professionals are urged to adopt a comprehensive security strategy that covers all types of devices, including IT, IoT, OT, and IoMT devices. The report emphasizes the importance of not only identifying vulnerabilities but also actively managing and mitigating risks across diverse device ecosystems. Traditional endpoint-focused security measures are no longer adequate, and there is a need for comprehensive, automated security controls that do not rely solely on endpoint agents.

As the cyberattack landscape continues to evolve, the focus on network equipment, especially routers, as entry points for attacks underscores the urgent need for enterprises to bolster their security measures at the network level. Continuous vigilance and adaptive security frameworks are essential in effectively countering these evolving threats and ensuring the resilience of enterprise networks against malicious actors.
