Sophos Report: Attackers Logging In, Not Breaking In, for Over Half of Cyber Incidents

Sophos

Median Time to Data Exfiltration Now Just Three Days

A new Sophos Active Adversary Report reveals that in 56% of cyber incidents handled by Sophos Managed Detection and Response (MDR) and Incident Response (IR) teams, attackers gained access using valid credentials rather than exploiting vulnerabilities. Compromised credentials remained the top attack vector for the second consecutive year, accounting for 41% of cases, followed by exploited vulnerabilities (21.79%) and brute-force attacks (21.07%).

“Passive security is no longer enough. Organizations must actively monitor networks and act swiftly against observed threats.” 

– John Shier, Field CISO, Sophos

The report, based on over 400 cases in 2024, highlights the speed of modern cyberattacks. The median time from initial compromise to data exfiltration was just 72.98 hours (3.04 days), while attackers took only 11 hours to attempt breaching Active Directory, a critical asset for Windows-based networks. The study also found that dwell time—the duration attackers remain undetected—has dropped to two days for MDR cases, indicating improved detection but also faster-moving threats.

Other Key Findings:

  • Ransomware remains a major threat: Akira was the most encountered ransomware group, followed by Fog and LockBit, despite a global crackdown on the latter.
  • Attackers strike outside business hours: 83% of ransomware deployments occurred at night or on weekends.
  • RDP remains a weak link: Remote Desktop Protocol (RDP) was involved in 84% of cases, making it the most frequently exploited Microsoft tool.

To mitigate these risks, Sophos recommends organizations close exposed RDP ports, implement phishing-resistant multifactor authentication (MFA), patch vulnerabilities promptly, and deploy 24/7 MDR or Endpoint Detection and Response (EDR) solutions.
