- Network Edge devices represent almost 30% of intrusion points
- Ransomware remains the most popular type of attack
- Devices at the end of life represent a serious risk for security
It will not be a big surprise to know that cyberactors are evolving their tactics, and that the number of attacks is growing every year. New Sofos research shows that these incidents involving network edge devices such as routers, VPN and Firewalls are becoming a growing intrusion point, which represents almost 30% of the initial commitments observed in the annual sophch threat report.
Within the exfiltration attacks of ransomware and data, the VPNs were the most popular type of initial commitment, which represents 25% of the events, even higher than the compromised credentials, which are in just over 15%, in relation to the theft of billions of credentials of companies around the world each year.
As expected, the ransomware exceeded the table for the number of incidents, with more than 90% of cases of response to incidents for medium organizations and 70% of cases of small businesses that involve the attack.
Digital detritus
A remarkable trend in cybersecurity is the increase in social engineering attacks, mainly to collect credentials to move towards the specific organization’s network. This is largely due to AI that allows attackers to send more sophisticated phishing attacks at a higher rate than ever.
“In recent years, attackers have aggressively directed edge devices. Fulfilling the problem is the growing number of end -of -life (EOL) devices found in nature: a problem that Sophos calls digital detritus. Because these devices are exposed to the list of priorities of patches already often low in the list of priorities of patches, they are a highly effective method for infiltrating networks,” said Gallagher, according to Gallagher sophos of the threat of patches.
Out -date technology raises a serious risk for cybersecurity equipment, and is costing organizations in operational costs and security risks, which makes life cycle management an integral part of cyber defense.
“However, the objective of EDGE devices is part of a larger change that we are witnessing in which the attackers do not have to implement personalized malware. On the other hand, the companies of the companies can exploit, increasing their agility and hiding in the places that security leaders are not looking for,” adds Gallagher.
