Sophos, a global leader in innovative security solutions for defeating cyberattacks, has released the 2025 Sophos Active Adversary Report, which details attacker behaviour and techniques from over 400 Managed Detection and Response (MDR) and Incident Response (IR) cases in 2024.
The report found that the primary way attackers gained initial access to networks (56 percent of all cases across MDR and IR) was by exploiting external remote services, which include edge devices such as firewalls and VPNs, using valid accounts.
The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in a row, compromised credentials were the number one root cause of attacks (41 percent of cases). This was followed by exploited vulnerabilities (21.79 percent) and brute force attacks (21.07 percent).
When analysing MDR and IR investigations, the Sophos X-Ops team looked specifically at ransomware, data exfiltration, and data extortion cases to identify how fast attackers progressed through the stages of an attack within an organisation. In those three types of cases, the median time between the start of an attack and exfiltration was only 72.98 hours (3.04 days). Furthermore, there was only a median of 2.7 hours from exfiltration to attack detection.
“Passive security is no longer enough. While prevention is essential, rapid response is critical. Organisations must actively monitor networks and act swiftly against observed telemetry. Coordinated attacks by motivated adversaries require a coordinated defense.
For many organisations, that means combining business-specific knowledge with expert-led detection and response. Our report confirms that organisations with proactive monitoring detect attacks faster and experience better outcomes,” said Mr John Shier, field CISO.
“Attackers Can Take Control of a System in Just 11 Hours: The median time between attackers’ initial action and their first (often successful) attempt to breach Active Directory (AD)—arguably one of the most important assets in any Windows network—was just 11 hours. If successful, attackers can more easily take control of the organization,” the report added.