Sophos’ Annual Threat Report 2025 reveals that nearly 30% of cyberattacks in 2024 began at network edge devices like VPNs and firewalls, with outdated, unpatched hardware creating critical vulnerabilities for small and medium-sized businesses.
MALAYSIA, 23 APRIL 2025 – Sophos has released its Annual Threat Report 2025, highlighting a surge in cyberattacks targeting the digital “edge” — the vulnerable entry points of business networks, such as firewalls, routers, and virtual private networks (VPNs). The report paints a stark picture of how outdated and overlooked devices, dubbed “digital detritus,” have become prime targets for cybercriminals.
According to the report, nearly 30% of initial compromises in 2024 were traced to network edge devices, with VPNs alone accounting for over 25% of all incidents, including ransomware attacks and data exfiltration.
“Over the past several years, attackers have aggressively targeted edge devices,” said Sean Gallagher, principal threat researcher at Sophos. “Many of these are end-of-life systems, no longer supported or patched, making them perfect gateways for intrusion.”
Among the most alarming findings:
- Ransomware remains the top threat, responsible for over 90% of incidents affecting midsized businesses, and 70% for small businesses.
- Multi-factor authentication (MFA) is being bypassed, as attackers exploit authentication token capture through phishing platforms.
- Legitimate remote access tools are being hijacked, with commercial software used in 34% of all Sophos’ incident response cases.
- Social engineering tactics are evolving, with attackers now abusing QR codes (quishing), phone messages (vishing), and email bombing campaigns to breach organizations.
“Attackers are exploiting what businesses already have,” Gallagher noted. “They no longer need to rely on custom malware when a company’s own tools and overlooked systems can do the job.”
The report underscores an urgent need for businesses to audit their infrastructure, prioritize patching, and retire vulnerable, unsupported devices to defend against today’s rapidly evolving threat landscape.
The full report is available on Sophos’ website.
