- Network ons represent almost 30% of intrusion points
- Ransomware is always the most popular type of attack
- End -of -life devices have a serious risk for safety
It will not be so surprising to learn that cyber attacks evolve their tactics and that the number of attacks increases each year. New Sophos research shows that these incidents involving network edges such as routers, VPNs and firewalls become an increasing point of intrusion – representing nearly 30% of the initial compromises observed in the annual threat report of sophos.
As part of ransomware and data exfiltration attacks, VPNs were the most popular initial compromise type – representing 25% of events, even higher than compromised identification information, which is just over 15% – concerning each year that billions of skills securities are stolen in companies around the world.
Unsurprisingly, ransomware has exceeded the table for the number of incidents, with more than 90% of cases of response to incidents for medium -sized organizations and 70% of small profitability analyzes involving the attack.
Digital detritus
A notable trend in cybersecurity is the increase in social engineering attacks, mainly to collect identification information in order to move forward in the targeted network of the organization. This is largely due to AI allowing attackers to send more sophisticated phishing attacks at a higher pace than ever.
“In recent years, attackers have agressively targeted EDGE aircraft. The combination of the problem is the growing number of end -of -life devices (EOL) found in nature – a problem that Sophos calls digital detritus. Because these devices are exposed to the Internet and are often low on the priority list of Patch, they are a highly effective method for infiltration networks, “said Sean Gallagher, main researcher for shods.
Obsolete technology presents a serious risk for cybersecurity teams and costs organizational cost and safety risks – make life cycle management a part of cyber -defense.
“However, Targeting Edge Devices is part of a greater change that we are witnessing which the attackers do not have to deploy personalized malware. Instead, they can use the own business systems, increase their agility and hide in the places that security leaders are not looking for,” adds Gallagher.
