In 2024, network edge devices were identified as the primary entry point in 30% of cybersecurity incidents targeting small and medium-sized businesses (SMBs). These devices, including VPN appliances, firewalls, and remote access tools, were the most frequent cause of initial network compromises. VPN devices alone accounted for 19% of these intrusions. Since these devices often lack advanced security tools like endpoint detection and response (EDR), they are increasingly targeted by cybercriminals seeking unauthorized access.
A troubling trend emerged in which attackers exploited vulnerabilities in these network edge devices. Many of these devices were behind on patches or were no longer supported by their vendors. The attackers relentlessly targeted these devices, especially since they often serve as gateways to larger, more sensitive networks. Experts noted that businesses must regularly update and manage these devices to avoid becoming prime targets for threat actors, such as ransomware groups.
Another disturbing finding from the 2024 report was the rise of remote ransomware attacks. These attacks, which bypass traditional malware detection systems, grew by 50% compared to 2023 and 141% since 2022. Cybercriminals conducted these attacks from unmanaged devices outside the range of endpoint protection software. By exploiting network file-sharing connections, they encrypted files without executing ransomware directly on the victim’s device, thereby evading detection measures.
Social engineering techniques have also evolved, with attackers leveraging new tools to enhance their efficiency. Sophos researchers observed a rise in Microsoft Teams vishing attacks and sophisticated MFA phishing strategies. Additionally, cybercriminals increasingly used generative AI to create fake profiles, images, and videos for social engineering. QR code phishing, or “quishing,” emerged as another technique that helps attackers bypass traditional security defenses and deliver malicious payloads to unsuspecting victims.