Modern Strategies for Managing Legacy and Unmanageable Systems in Cybersecurity
Organizations are increasingly challenged by the risks posed by legacy systems, unmanageable devices, and unknown assets within their networks. Security leaders and experts emphasize the importance of comprehensive asset discovery and visibility as foundational steps to effective vulnerability management. Automated solutions that map infrastructure, including unauthenticated and legacy devices, are critical for identifying blind spots and prioritizing risk. Experts caution against over-reliance on traditional CVE-based tools, highlighting that many real-world breaches exploit default credentials, poor configurations, and unmanaged assets that may not appear in standard vulnerability reports. Rapid response capabilities, such as real-time intelligence and query-based searches, are recommended to quickly identify and mitigate zero-day exposures.
In sectors like healthcare, the long lifecycle of medical devices presents unique challenges, as many systems cannot be patched or easily replaced. Security leaders advocate for network segmentation and close collaboration with vendors to manage these risks, while also promoting proactive, risk-based approaches that go beyond compliance checklists. Commentary from industry professionals underscores that legacy and unmanageable systems are often targeted by advanced persistent threats and botnets, with attackers leveraging automation and AI to exploit exposures. Addressing these challenges requires breaking down silos between IT, OT, and security teams, and adopting strategies that prioritize visibility, risk reduction, and continuous improvement across all assets.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Report details massive UK exploitation of decade-old vulnerabilities in 2025
A report cited by SC Media said UK organizations continued running systems with vulnerabilities disclosed more than a decade earlier, and attackers heavily exploited those weaknesses throughout 2025. SonicWall attributed 67 million UK attack attempts to a single Hikvision IP camera flaw, while the report also noted a 20% rise in successful compromises despite lower overall ransomware volume.
Russia arrests members of the Meduza Stealer group
Risky Bulletin reported that Russian authorities arrested the Meduza Stealer group, marking a law-enforcement action against the cybercrime operation. No more specific event date is provided in the reference list, so the publication date is used as the estimate.
runZero Hour recap references 'Undead by Design' findings on obsolete systems
A runZero Hour recap published on October 28, 2025 highlighted findings from the 'Undead by Design' research report and a Texas Zero-Day Massacre talk, focusing on the persistence and security risks of outdated operating systems and obsolete technology in modern environments. The recap also noted severe recent vulnerabilities affecting Cisco, Redis/Valkey, and Fortra as part of its rapid-response discussion.
Research and commentary highlight risks from end-of-life and zombie assets
Multiple late-October 2025 references discuss the ongoing security risks posed by legacy medical devices, end-of-life operating systems, abandoned projects, and other unmanaged 'zombie' assets that remain active in enterprise environments. The pieces emphasize that obsolete and unpatchable technology continues to expand attack surfaces and complicate vulnerability management.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
8 references tracked. Mallory keeps watching after this page renders.
Decade-old vulnerabilities continue to fuel millions of cyberattacks in the UK | brief | SC Media
scworld.com
Open sourceWhy Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs
hackread.com
Open sourceReal visibility can conquer the ‘ghosts’ in the machine
scworld.com
Open sourceRisky Bulletin: Russia arrests Meduza Stealer group
news.risky.biz
Open sourceZombie Projects Rise Again to Undermine Security
darkreading.com
Open sourceLegacy vulnerability management tools can’t keep up. Here’s the path forward
scworld.com
Open sourcerunZero Hour recap: Beyond the veil with end-of-life OSes
runzero.com
Open sourceManaging legacy medical devices that can no longer be patched
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Expanding Cyber Risk Across Connected Assets and Supply Chains
Organizations are facing a rapidly evolving cyber risk landscape as the boundaries between IT, operational technology (OT), Internet of Things (IoT), and supply chain systems blur. The proliferation of connected devices, such as cameras, badge readers, HVAC systems, and factory controllers, has significantly increased the attack surface for enterprises. Business demands have driven the integration of IT, OT, and IoT, enabling telemetry to inform analytics and automation, but also concentrating dependencies on critical control planes like cloud consoles and APIs. This interconnectedness means that a single compromised identity provider, software updater, or remote management tool can serve as a single point of failure, potentially impacting thousands of endpoints and critical business processes. Security leaders emphasize the importance of maintaining a living inventory of assets, applying least privilege principles, and segmenting networks by function and criticality to mitigate these risks. Unknown or unmanaged devices should be treated as unsafe until proven otherwise, and where devices lack robust security features, organizations are advised to broker connections through secure gateways. The challenge is compounded by resource constraints and the long lifecycles of many IoT and OT devices, which often cannot be easily updated or replaced. The expansion of cyber risk also extends to the supply chain, where third-party vendors, contractors, and service providers can become entry points for attackers. Recent high-profile breaches have demonstrated that adversaries exploit trusted relationships to infiltrate organizations, with the fallout often affecting the victim company regardless of where the breach originated. This complexity is frequently invisible to the public and regulators, leading to reputational damage and loss of narrative control for affected organizations. Effective cyber readiness now requires extensive preparation, including scenario exercises, communication planning, and training to operate under pressure. The shift from endpoint-centric to control plane-centric risk management reflects the need to address the realities of modern, interconnected business environments. Organizations must adopt an "assume breach" mindset and focus on resilience and recovery planning, not just prevention. The evolving threat landscape demands that security strategies account for the full spectrum of connected assets and the intricate web of dependencies that define today's enterprises. As the definition of cyber risk continues to expand, so too must the approaches to visibility, segmentation, and incident response. Ultimately, the ability to manage and recover from cyber incidents hinges on preparation, visibility, and the recognition that every connected asset and relationship represents a potential risk vector.
Mar 21, 2026
Risks from Legacy and Unpatched Systems in Critical Infrastructure
A new Cisco report highlights the growing risk posed by legacy and unsupported systems within national critical infrastructure, revealing that nearly half of global business network assets were already aging or obsolete as of 2020. The United Kingdom, in particular, faces significant exposure, with 228 legacy systems identified across government in 2024 and over a quarter at high risk of operational or security failure. The report underscores that unsupported systems, often located at network edges, are prime targets for attackers, and that a majority of breaches in the EU during 2022 and 2023 exploited vulnerabilities with available but unapplied patches. Healthcare and other essential sectors are especially vulnerable due to concentrated use of outdated technology. Recent cyberattacks have increasingly targeted legacy firewalls and network devices, with state-sponsored groups exploiting known vulnerabilities in products from vendors such as Cisco, SonicWall, Palo Alto Networks, and Fortinet. Research indicates that 60% of enterprise firewalls fail high-severity compliance checks, reflecting deeper governance and patch management issues. Attackers are leveraging these weaknesses, often chaining exploits across network edges and VPNs, while defenders struggle with fragmented vendor alerts and outdated risk frameworks. The persistent use of unsupported technology and delayed patching continues to undermine national resilience and exposes critical infrastructure to significant cyber threats.
Mar 21, 2026
The Critical Risks of Security Misconfigurations and Overlooked Blind Spots
Security misconfigurations and overlooked vulnerabilities continue to pose significant risks to organizations, often serving as the initial foothold for attackers. One real-world example involved a company that relied solely on IP address restrictions to secure its network, neglecting to implement multi-factor authentication (MFA). This decision created a critical weakness, as attackers can easily bypass IP-based controls using VPNs to spoof their location, rendering the restriction ineffective. The absence of MFA meant that compromised credentials could be used without additional verification, exposing the organization to unauthorized access. Such misconfigurations are not isolated incidents; they represent a broader pattern where seemingly minor oversights can have catastrophic consequences. Many organizations underestimate the dangers of default settings, forgotten assets, and configuration drift, which can silently erode their security posture over time. Attackers often exploit these mundane gaps, such as stale DNS records, unpatched printers, or unsynchronized server clocks, to escalate their access and compromise critical systems. Time and telemetry integrity are particularly vital, as discrepancies in server clocks can undermine forensic investigations and incident response efforts. Organizations frequently treat network time protocol (NTP) settings as a one-time configuration, failing to monitor for drift or unauthorized changes, which attackers can leverage to cover their tracks. Systemic resilience requires a proactive approach to identifying and closing these low-profile vulnerabilities across identity management, configuration, telemetry, cloud infrastructure, and recovery processes. Rather than focusing solely on high-profile zero-day exploits, security teams must address the 'silent killers'—the overlooked misconfigurations and blind spots that can turn minor incidents into major breaches. Comprehensive checklists and regular audits are essential to ensure that no critical gap is left unaddressed. The lessons from these cases underscore the importance of layered defenses, continuous monitoring, and a culture of vigilance to prevent security misconfigurations from becoming the next major disaster.
Mar 21, 2026