Get Started
Contact us

If you found this blog post interesting you might also enjoy our regular series of webinars about practical ways to improve the security of people working outside the office.

Upcoming Webinars →

The cyber threat landscape has changed. Not subtly, but fundamentally.

For years, most senior decision-makers thought of hackers as highly skilled, state-sponsored operatives or lone technical geniuses. The type of people you would expect to target governments or billion-dollar corporations, not an admin portal or a home router used by a staff member working from home.

That perception no longer holds up, especially as the uncontrolled network edge becomes more critical. Everything from home routers to shared office networks is now a point of exposure.

Hacking-as-a-Service: What It Is
The term Hacking-as-a-Service (HaaS) describes a fast-growing illicit market where tools, access and attack capabilities are packaged and sold to anyone who wants them. Think Software-as-a-Service but for ransomware, phishing kits, botnet access and credential stuffing tools.

These platforms are not just available. They are designed to be easy to use:

  • Prebuilt control panels
  • “Customer support” chat for attackers
  • Trial offers
  • Profit-sharing and affiliate schemes

With these tools, even non-technical attackers can target weak points, often at the uncontrolled network edge.

From High-Value Targets to Easy Entry Points
If you are using secure systems, corporate endpoints or managed devices, you are not always the easiest way in. So what is?

  • The router someone uses at home
  • The Wi-Fi network that comes with a shared office space
  • The firewall or VPN gateway that has not been patched in years because no one realised it was still live

These network edge devices are:

  • Outdated, sometimes using firmware based on Linux versions from a decade ago even when fully patched
  • Unmonitored, unlike endpoints or cloud infrastructure
  • Insecure by default, with weak or hardcoded credentials still common

Thanks to HaaS, these forgotten entry points are now being targeted in bulk using automated scanning and attack tools, especially at the uncontrolled edge where visibility is low, patches are often skipped and devices are easily overlooked.

You Don’t Need a Zero-Day
One of the most uncomfortable truths for many organisations is this: attackers do not need to invent new methods or use entirely new vulnerabilities.

In most cases, they are exploiting known issues that were never patched or using configuration weaknesses that should never have existed in the first place.

This is especially true for routers and network devices that:

  • Were set up once and never touched again
  • Still have default admin credentials in place
  • Have software patches that did not fix known flaws
  • Are no longer supported by their manufacturer

Many of these devices are part of the uncontrolled network edge such as home environments, shared offices and older gateways, making them easy pickings when combined with HaaS offerings.

What Has Changed?
The answer is scale, simplicity and invisibility.

  • Scale: There are more attackers than ever before, and they are not just targeting the historically obvious places to attack.
  • Simplicity: Attack tools have become plug-and-play, meaning attackers do not need heavy technical skills.
  • Invisibility: Compromised routers or edge devices often go undetected because they sit outside traditional IT monitoring and logging.

Add to this the growth of hybrid access, remote staff and the uncontrolled network edge being a regular part of how people work. The attack surface has expanded dramatically.

What This Means for Your Organisation
If you have historically relied on VPNs, endpoint protection or strong identity controls, those are still important.

However, they do not help if:

  • an attacker has already compromised the network from which someone is connecting, for example a home router with weak firmware
  • the uncontrolled network edge is not secured or monitored

Modern cyber guidance from agencies such as the NSA, CISA and NCSC increasingly emphasises the need to secure the network edge, ensuring devices, routers and gateways that staff use outside official infrastructure are part of your threat model.

The Bottom Line
It is easy to think that if something has not caused a problem before, it is not urgent.

However, the risk posed by unmanaged edge devices, especially routers in people’s homes or shared offices, is no longer theoretical. It is being actively exploited using off-the-shelf tools sold via services that operate like any other subscription platform.

The attackers have changed. The tools have changed. That means the targets are changing too. The uncontrolled network edge is no longer optional to secure. It is central.

It is time to bring network edge security into the spotlight before it becomes your next problem.

Recent Posts

If you found this blog post interesting you might also enjoy our regular series of webinars about practical ways to improve the security of people working outside the office.

Upcoming Webinars →