Risks from Legacy and Unpatched Systems in Critical Infrastructure
A new Cisco report highlights the growing risk posed by legacy and unsupported systems within national critical infrastructure, revealing that nearly half of global business network assets were already aging or obsolete as of 2020. The United Kingdom, in particular, faces significant exposure, with 228 legacy systems identified across government in 2024 and over a quarter at high risk of operational or security failure. The report underscores that unsupported systems, often located at network edges, are prime targets for attackers, and that a majority of breaches in the EU during 2022 and 2023 exploited vulnerabilities with available but unapplied patches. Healthcare and other essential sectors are especially vulnerable due to concentrated use of outdated technology.
Recent cyberattacks have increasingly targeted legacy firewalls and network devices, with state-sponsored groups exploiting known vulnerabilities in products from vendors such as Cisco, SonicWall, Palo Alto Networks, and Fortinet. Research indicates that 60% of enterprise firewalls fail high-severity compliance checks, reflecting deeper governance and patch management issues. Attackers are leveraging these weaknesses, often chaining exploits across network edges and VPNs, while defenders struggle with fragmented vendor alerts and outdated risk frameworks. The persistent use of unsupported technology and delayed patching continues to undermine national resilience and exposes critical infrastructure to significant cyber threats.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
Cisco warns critical infrastructure is running out of time on legacy tech
Cisco published a report warning that outdated and unsupported technology in national infrastructure is a major enabler for cyber attackers, with the UK assessed as having the highest end-of-life exposure among countries reviewed.
State-backed groups target critical infrastructure for persistence
By 2025, state-backed actors including Volt Typhoon were described as actively targeting water, energy, and communications networks to establish long-term access.
Security guidance urges hardening and rapid patching of firewalls
Security experts recommended comprehensive asset inventory, urgent patching, stronger authentication, restricted internet exposure of management interfaces, and monitoring for exploit indicators to reduce firewall compromise risk.
Research finds most enterprise firewalls fail high-severity checks
Research published in late 2025 found that a majority of enterprise firewalls failed high-severity compliance checks, pointing to governance and operational weaknesses that leave organizations exposed.
Attacks surge against legacy firewalls across major vendors
In recent months, attacks increased against legacy firewalls from Cisco, SonicWall, Palo Alto Networks, and Fortinet, with some activity attributed to China-linked Storm-1849. Attackers exploited newly disclosed flaws and authentication weaknesses to gain rapid access and persistence.
Synnovis attack disrupts healthcare services
A 2024 cyberattack on Synnovis disrupted thousands of patient interactions and caused losses exceeding $39 million, demonstrating the operational impact of attacks on legacy-dependent environments.
US government spends $80 billion maintaining existing systems
In 2023, the US government spent $80 billion on maintaining existing systems, underscoring the financial burden of technical debt and delayed modernization.
French hospitals still widely use Windows 7
In 2022, about 60% of French hospitals were still using Windows 7, illustrating persistent legacy-system risk in the healthcare sector.
Global business network assets reach high obsolescence levels
Cisco reported that by 2020, nearly half of global business network assets were already obsolete, highlighting widespread exposure created by unsupported and end-of-life technology.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise and Critical Infrastructure Threats from Unpatched and Unmanaged Devices
Recent research highlights that enterprise networks are increasingly vulnerable due to a high prevalence of legacy, end-of-life (EOL) systems, unpatched devices, and poor network segmentation. Telemetry from over 27 million devices across 1,800 enterprises reveals that 26% of Linux and 8% of Windows systems are running unsupported operating systems, with 39% of IT devices lacking active endpoint security. Additionally, a significant portion of devices operate outside IT control, and 77% of corporate networks are poorly segmented, allowing low-security devices to share network space with high-value assets, increasing the risk of lateral movement by attackers. Simultaneously, critical infrastructure sectors such as energy, healthcare, government, and transportation are experiencing a surge in cyberattacks targeting IoT and Android devices. Attackers are exploiting the interconnectedness of these industries for financial gain, with the U.S. being the primary target. The rise in attacks underscores the need for stringent tracking of user behaviors, robust access controls, accurate asset inventories, and improved network segmentation to mitigate risks posed by unmanaged and vulnerable devices in both enterprise and critical infrastructure environments.
Mar 21, 2026
Modern Strategies for Managing Legacy and Unmanageable Systems in Cybersecurity
Organizations are increasingly challenged by the risks posed by legacy systems, unmanageable devices, and unknown assets within their networks. Security leaders and experts emphasize the importance of comprehensive asset discovery and visibility as foundational steps to effective vulnerability management. Automated solutions that map infrastructure, including unauthenticated and legacy devices, are critical for identifying blind spots and prioritizing risk. Experts caution against over-reliance on traditional CVE-based tools, highlighting that many real-world breaches exploit default credentials, poor configurations, and unmanaged assets that may not appear in standard vulnerability reports. Rapid response capabilities, such as real-time intelligence and query-based searches, are recommended to quickly identify and mitigate zero-day exposures. In sectors like healthcare, the long lifecycle of medical devices presents unique challenges, as many systems cannot be patched or easily replaced. Security leaders advocate for network segmentation and close collaboration with vendors to manage these risks, while also promoting proactive, risk-based approaches that go beyond compliance checklists. Commentary from industry professionals underscores that legacy and unmanageable systems are often targeted by advanced persistent threats and botnets, with attackers leveraging automation and AI to exploit exposures. Addressing these challenges requires breaking down silos between IT, OT, and security teams, and adopting strategies that prioritize visibility, risk reduction, and continuous improvement across all assets.
May 1, 2026
Cisco Initiative to Address Security Risks in Aging Network Infrastructure
Cisco has announced a new initiative, "Resilient Infrastructure," aimed at mitigating the security risks posed by aging and unsupported network equipment, including routers and switches. The company is responding to the growing threat landscape, where generative AI is making it easier for attackers to exploit vulnerabilities in legacy devices, many of which are no longer supported with security patches or updates. Cisco's effort includes research, industry outreach, and technical changes to how it manages its own legacy products, with a focus on both its own and other vendors' equipment still in use. As part of this initiative, Cisco will begin issuing explicit warnings to customers when their devices are approaching end-of-life or are configured insecurely. Over time, the company plans to disable insecure options by default and eventually remove them entirely from its products. This move comes after analyses revealed that Chinese nation-state actors have exploited known vulnerabilities in Cisco equipment during high-profile attacks on telecom providers. Cisco's approach aims to make secure configurations the default and to proactively alert administrators to risky settings, thereby reducing the attack surface presented by outdated infrastructure.
Mar 21, 2026