Network Edge Devices the Biggest Entry Point for Attacks on SMBs


In 2024, compromised network edge devices such as VPNs, firewalls, and remote access appliances were the leading cause of initial cyber intrusions in small and medium-sized businesses (SMBs), accounting for 30% of incidents, with VPN exploitation alone responsible for 19%. These devices, often lacking advanced security tools like EDR, were frequently targeted by attackers to gain initial access, particularly in ransomware and data exfiltration attacks. Sophos also observed a significant rise in the abuse of legitimate remote access tools like PsExec, AnyDesk, and ScreenConnect, which were used in 34% of cases to conceal post-exploitation activity. Remote ransomware attacks (executed from unmanaged systems outside security monitoring) rose by 50% from the previous year, bypassing traditional detection tools. Additionally, attackers enhanced their social engineering strategies with new techniques such as Microsoft Teams vishing, real-time MFA phishing using PhaaS platforms like EvilProxy, and the use of generative AI and QR code phishing (quishing), all contributing to the evolving cyber threat landscape.
