banner1
banner2

HOME
Security

Sophos finds 'digital detritus' a key risk factor for network edge attacks

by VARINDIA 2025-04-21
Sophos finds 'digital detritus' a key risk factor for network edge attacks

Sophos has released its Annual Threat Report 2025: Cybercrime on Main Street, providing insights into the top security threats faced by small and medium-sized businesses in 2024. The report reveals that nearly 30% of cyberattacks were initiated through compromised network edge devices, such as firewalls, routers, and VPNs, marking the primary entry point for attackers.

"Over the past several years, attackers have aggressively targeted edge devices," said Sean Gallagher, principal threat researcher at Sophos. "Compounding the issue is the increasing number of end-of-life (EOL) devices found in the wild – a problem Sophos calls digital detritus. Because these devices are exposed to the internet and often low on the patching priority list, they are a highly effective method for infiltrating networks."

The report found that VPNs were the most frequent compromise point, accounting for over 25% of all incidents and 25% of ransomware and data exfiltration events. "Attackers don't have to deploy custom malware anymore," Gallagher explained. "Instead, they can exploit businesses' own systems, increasing their agility and hiding in the places security leaders aren't looking."

Other key findings from the Sophos report include:

• Ransomware still the biggest threat: Ransomware accounted for over 90% of incident response cases involving midsized organizations, and 70% of cases involving small businesses.

• MFA is no longer enough: Attackers are bypassing multi-factor authentication through adversary-in-the-middle authentication token capture, using phishing platforms to mimic the authentication process and steal credentials.

• Attackers favour commercial Remote access tools: The most frequently abused legitimate, trusted tools were commercial remote access tools, involved in 34% of incident response and managed detection and response cases.

• Attackers are evolving their social engineering tactics: Attackers are turning to the abuse of QR codes (quishing) and phone messages (vishing) to compromise businesses, as well as email bombing - sending thousands of spam emails in as little as one or two hours.

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Veeam supercharges data protection with AI via Anthropic MCP integration

Veeam supercharges data protection with AI via Anthropic MCP integration

Tenable Research exposes ConfusedComposer vulnerability in Google Cloud Platform

Tenable Research exposes ConfusedComposer vulnerability in Google Cloud Platform

Veeam’s DRMM framework to help organizations assess their data resilience posture

Veeam’s DRMM framework to help organizations assess their data resilience posture

SOFTWARE
View All
Zoom unveils custom AI tools to streamline meetings, tasks, and scheduling

Zoom unveils custom AI tools to streamline meetings, tasks, and scheduling

Deloitte India launches Near Zero Cost ERP Migration with SAP and AWS

Deloitte India launches Near Zero Cost ERP Migration with SAP and AWS

Air India enhances customer experience with Salesforce Agentforce and agentic AI integration

Air India enhances customer experience with Salesforce Agentforce and agentic AI integration

START - UP
View All
Data Safeguard Secures Seed Funding from Auxano Capital

Data Safeguard Secures Seed Funding from Auxano Capital

Perkant Tech raises INR 6.6 crore Seed Round Led by YourNest Venture Capital & Govt. Initiatives

Perkant Tech raises INR 6.6 crore Seed Round Led by YourNest Venture Capital & Govt. Initiatives

Second Edition of Startup Mahakumbh

Second Edition of Startup Mahakumbh

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
Investing.com Launches WarrenAI - A Cutting-Edge AI-Driven ‘Financial Researcher’

Investing.com Launches WarrenAI - A Cutting-Edge AI-Driven ‘Financial Researcher’

BAS Explained: Uncovering Hidden Security Gaps in Your Defenses

BAS Explained: Uncovering Hidden Security Gaps in Your Defenses

CDR: A Necessity for Securing Today's Digital Estate

CDR: A Necessity for Securing Today's Digital Estate

ChatGPT, Grok 3 Ghibli Art: Your Photos at Risk?

ChatGPT, Grok 3 Ghibli Art: Your Photos at Risk?

Safety of using AI remains a question mark

Safety of using AI remains a question mark

Adobe and the Rise of Alternative Creative Platforms

Adobe and the Rise of Alternative Creative Platforms

Deepak Fertilisers transforms data infrastructure with Snowflake’s AI Data Cloud

Deepak Fertilisers transforms data infrastructure with Snowflake’s AI Data Cloud

Trump Tariffs Could Stall Big Tech's AI and Cloud Expansion

Trump Tariffs Could Stall Big Tech's AI and Cloud Expansion

Innovation is at the core of Indian Start-ups

Innovation is at the core of Indian Start-ups

AI: Shaping the Future of Data Center Infrastructure

AI: Shaping the Future of Data Center Infrastructure

dsf