Sophos Annual Threat Report 2025: Cybercrime on Main Street

Network Edge Devices: The Primary Target for Cybercriminals in 2024

Sophos has released its Annual Threat Report 2025: Cybercrime on Main Street, highlighting the biggest security threats faced by small and medium-sized businesses in 2024. The report reveals that attackers' primary route into networks was through network edge devices such as firewalls, routers, and VPNs, which accounted for nearly 30% of initial compromises.

Sean Gallagher, Principal Threat Researcher at Sophos, emphasized the growing threat: “Over the past several years, attackers have aggressively targeted edge devices. Compounding the issue is the increasing number of end-of-life (EOL) devices found in the wild – a problem Sophos calls digital detritus. Because these devices are exposed to the internet and often low on the patching priority list, they are a highly effective method for infiltrating networks.”

The report found that VPNs were the most frequent compromise point, responsible for over 25% of all incidents and 25% of ransomware and data exfiltration events. Gallagher noted, “Attackers don’t have to deploy custom malware anymore. Instead, they can exploit businesses’ own systems, increasing their agility and hiding in the places security leaders aren’t looking.”

Key Findings from the Sophos Report

  • Ransomware: Remains the biggest threat, accounting for over 90% of incident response cases involving midsized organizations and 70% of cases involving small businesses.
  • Multi-Factor Authentication (MFA): Attackers are bypassing MFA through adversary-in-the-middle authentication token capture, using phishing platforms to mimic the authentication process and steal credentials.
  • Remote Access Tools: The most frequently abused legitimate tools were commercial remote access tools, involved in 34% of incident response and managed detection and response cases.
  • Social Engineering Tactics: Attackers are evolving their tactics, turning to the abuse of QR codes (quishing) and phone messages (vishing) to compromise businesses, as well as email bombing—sending thousands of spam emails in a short period.
