Cybersecurity Report Reveals Alarming Trends in Remote Desktop Protocol (RDP) Attacks

Sophos’s latest cybersecurity report reveals a concerning surge in remote desktop protocol (RDP) abuse, with RDP implicated in 90% of cyberattacks in 2023. Despite compromised credentials becoming the leading cause of attacks, many organizations still lack multi-factor authentication, highlighting critical vulnerabilities in their security infrastructure.


17 April 2024 – Sophos, a leading provider of cutting-edge cybersecurity solutions, has unveiled its latest report, “It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024.” This comprehensive analysis, drawing from over 150 incident response (IR) cases handled by the Sophos X-Ops IR team in 2023, reveals concerning trends in cyber threats.

The report highlights a sharp rise in cybercriminals exploiting remote desktop protocol (RDP), with RDP abuse detected in a staggering 90% of attacks—the highest incidence recorded since Sophos initiated its Active Adversary reports in 2021. Furthermore, external remote services, including RDP, remain the primary entry point for attackers, accounting for 65% of initial network breaches in 2023.

John Shier, Sophos’s field Chief Technology Officer (CTO), emphasizes the critical need for organizations to prioritize the management of external remote services to mitigate risks effectively. Despite the increasing prevalence of compromised credentials as the primary root cause of attacks, with over 50% of incidents in 2023 attributed to this factor, a concerning 43% of organizations still lack multi-factor authentication.

The report, based on extensive investigations across 26 sectors and spanning 23 countries, underscores the global nature of cyber threats and the urgent need for proactive cybersecurity measures.

Author: Terry KS
