Sophos, a global provider of cybersecurity products and services, has published the 2025 Sophos Active Adversary Report. The report describes adversary behaviour and tactics drawn from more than 400 Managed Detection and Response (MDR) and Incident Response (IR) engagements handled during 2024.
The report found that the most common method attackers used to gain initial access to networks, accounting for 56 percent of all MDR and IR incidents, was the exploitation of external remote services. This category covers edge devices such as firewalls and VPNs, which were often accessed using legitimate credentials rather than a software exploit.
For the second year running, compromised credentials were the leading root cause of attacks, behind 41 percent of all incidents. They were followed by exploited vulnerabilities (21.79 percent) and brute-force password attacks (21.07 percent).
In examining the MDR and IR cases, the Sophos X-Ops team looked in particular at incidents involving ransomware, data exfiltration and data extortion, to measure how quickly attackers moved through the stages of an attack inside a victim organisation. Across these three categories, the median time from the start of an attack to data exfiltration was just 72.98 hours (about 3.04 days), and the median time from exfiltration to detection of the breach was only 2.7 hours.
“Passive security is no longer enough. While prevention is essential, rapid response is critical. Organisations must actively monitor networks and act swiftly against observed telemetry. Coordinated attacks by motivated adversaries require a coordinated defense.
For numerous organizations, this involves integrating industry-specific insights with expertise-driven detection and response strategies. As our report indicates, entities employing active surveillance identify threats more swiftly and achieve superior results,” stated Mr. John Shier, field CISO.
“Attackers Can Seize Control of a System Within 11 Hours: According to the study, the average timeframe from an attacker’s initial move until their first (typically successful) effort to compromise Active Directory (AD), which is arguably among the most critical components in any Windows network, was merely 11 hours. Upon succeeding, these adversaries gain easier access to control the entire organization,” the document stated.
Source: Tribune Online, provided by SyndiGate Media Inc.