The cyber threat landscape has changed. Not subtly, but fundamentally.
For years, most senior decision-makers thought of hackers as highly skilled, state-sponsored operatives or lone technical geniuses. The type of people you’d expect to target governments or billion-dollar corporations, not an admin portal or a home router used by a staff member working from home.
That perception no longer holds up.
Today, anyone with a credit card and a few hours online can launch attacks that would have required advanced skills just a few years ago. And they’re not just targeting the obvious. They’re often going after the previously overlooked.
Hacking-as-a-Service: What It Means
The term Hacking-as-a-Service (HaaS) describes a fast-growing illicit market where tools, access, and attack capabilities are packaged and sold to anyone who wants them. Think Software-as-a-Service but for ransomware, phishing kits, botnet access, and credential stuffing tools.
These platforms aren’t just available. They’re designed to be easy to use:
- Prebuilt control panels
- “Customer support” chat for attackers
- Trial offers
- Profit-sharing and affiliate schemes
The technical skill barrier is being eroded. The result? A massive increase in the number of people capable of launching attacks, many of whom aren’t technical and don’t need to be.
This has completely changed who becomes a threat and what they target.
Historically, the most valuable assets have attracted the most attention, including national infrastructure, corporate networks, government agencies, and high-profile individuals. Those targets are still being attacked. But the sheer number of people now capable of launching an attack has shifted the game entirely.
When thousands of would-be attackers all target the same “high-value” assets, those environments become crowded and heavily defended. However, when tools are readily available, and the skill barrier is low, attackers begin targeting everything; routers, printers, home networks, and poorly configured gateways. Anything they can find that others haven’t.
It’s a supply and demand problem: with more attackers and automation, the focus spreads. And edge devices, often neglected and unmanaged, are prime candidates.
From High-Value Targets to Easy Entry Points
If you’re using secure systems, corporate endpoints, or managed devices, you’re not the easiest way in.
What is?
- The router someone uses at home
- The Wi-Fi network that comes with a shared office space
- The firewall or VPN gateway that hasn’t been patched in years because no one realised it was still live
These network edge devices are:
- Outdated (sometimes using firmware based on Linux versions from a decade ago even when fully patched)
- Unmonitored (unlike endpoints or cloud infrastructure)
- Insecure by default (weak or hardcoded credentials are still common)
And thanks to HaaS, these forgotten entry points are now being targeted en masse using automated scanning and attack tools.
You Don’t Need a Zero-Day
One of the most uncomfortable truths for many organisations is this: attackers don’t need to invent new methods or use unknown vulnerabilities.
In most cases, they’re exploiting known issues that were never patched or using configuration weaknesses that should never have existed in the first place.
This is especially true for routers and network devices that:
- Were set up once and never touched again
- Have default admin credentials still in place
- Have software patches that didn’t fix known flaws
- Are no longer supported by their manufacturer
In 2024 alone, multiple campaigns exploited old vulnerabilities in routers from Netgear, Cisco, TP-Link, and D-Link, some of them using tools first developed in 2016.
So What Has Changed?
The answer is scale, simplicity, and invisibility.
Scale: There are more attackers than ever before, and they’re not just targeting the historically obvious places to attack
Simplicity: Attack tools have become plug-and-play, meaning attackers don’t need training or technical understanding
Invisibility: Compromised routers often go undetected because they sit outside traditional IT monitoring and logging
Add to this the growth in hybrid work, and the attack surface has expanded dramatically.
What This Means for Your Organisation
If you’ve historically relied on VPNs, endpoint protection, or strong identity controls, those are still important.
However, they don’t help if an attacker has already compromised the network from which someone is connecting. That’s why modern cyber guidance from agencies like the NSA, CISA, and NCSC increasingly emphasises the need to secure the network edge.
Final Thoughts
It’s easy to think that if something hasn’t caused a problem before, it isn’t urgent.
However, the risk posed by unmanaged edge devices, especially routers in people’s homes or shared offices, is no longer theoretical. It’s being actively exploited using off-the-shelf tools sold via services that operate like any other subscription platform.
The attackers have changed. The tools have changed. That means the targets are changing, too.
It’s time to bring network edge security into the spotlight before it becomes your next problem.
