In this session, Tod Beardsley (runZero) is joined by Kimber Duke and Patrick Garrity from VulnCheck to discuss the critical intersection of end-of-life (EOL) hardware and cybersecurity exploitation. The conversation centers on a recent VulnCheck report revealing that network edge devices — such as consumer routers and enterprise firewalls — are the most targeted assets for exploitation. The speakers highlight a stark divide in attacker motives: botnets almost exclusively target consumer-grade devices for DDoS attacks, while ransomware campaigns focus on enterprise-level edge infrastructure for high-value breaches.
The discussion also dives into the zombie cycle of the internet, where unpatched, unsupported devices remain online indefinitely, creating a massive, static attack surface. This problem is exacerbated by ISPs that continue to issue EOL hardware to new customers and a lack of consumer awareness regarding router updates. The VulnCheck team also shares insights into their work as a CVE Numbering Authority (CNA), noting a massive spike in vulnerability reports — from 3,000 in March of the previous year to over 5,200 in the current month — driven in part by the use of AI and fuzzing tools to discover new flaws in both open-source and proprietary code.