cxo voice
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

Most Attackers Logged In Instead of Breaking In: Sophos Report

Deepa Sharma by Deepa Sharma
April 3, 2025
Attackers

Image Credit: Pixabay

Sophos has released the ‘2025 Sophos Active Adversary Report.’ This report explores how attackers behave and what methods they use based on over 400 cases of Managed Detection and Response (MDR) and Incident Response (IR) from 2024. The report found that in 56% of these cases, attackers entered networks by exploiting external remote services, like firewalls and VPNs, with valid account passwords.

The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in a row, compromised accounts were responsible for 41% of cases. The next biggest reasons were exploited vulnerabilities (21.79%) and brute force attacks (21.07%).

The Sophos X-Ops team examined ransomware cases like data theft and data extortion to see how quickly attackers acted. They found that the average time from the start of an attack to the data stolen was just under 73 hours (3.04 days). Additionally, once the data was stolen, it took only about 2.7 hours for the attack to be detected.

“Passive security is no longer enough. Organizations must closely watch their networks and respond quickly if they notice any problems. Attacks from determined adversaries require a strong defense. This often means blending knowledge about the business with expert help in detection and response,” said John Shier, field CISO.

Other Key Findings from the 2025 Sophos Active Adversary Report:

  • Attackers can take control of a system in just 11 hours: On average, it took attackers 11 hours from their initial action to their first attempt at breaching Active Directory, a crucial part of any Windows network. If they succeed, they can easily gain control of the organization.
  • Top Ransomware Groups in Sophos Cases: Akira was the most common ransomware group in 2024, followed by Fog and LockBit, despite a major takedown of LockBit earlier in the year. – Dwell Time is Down to Just 2 Days: Overall, the time it takes to detect attacks, known as “dwell time,” reduced from 4 days to just 2 days in 2024, mainly due to more MDR cases being included.
  • Dwell Time is Down to Just 2 Days: Overall, the time it takes to detect attacks, known as “dwell time,” reduced from 4 days to just 2 days in 2024, mainly due to more MDR cases being included.
  • Dwell Time in IR Cases: Dwell time remained stable at 4 days for ransomware attacks and 11.5 days for non-ransomware cases. 
  • Dwell Time in MDR Cases: In MDR cases, dwell time was only 3 days for ransomware and just 1 day for non-ransomware, suggesting that MDR teams can find and respond to attacks quickly.
  • Ransomware Groups Work Overnight: In 2024, 83% of ransomware attacks happened outside of regular business hours.
  • Remote Desktop Protocol (RDP) is Common: RDP was involved in 84% of MDR and IR cases, making it the most commonly abused Microsoft tool.

Read the full report: The 2025 Sophos Active Adversary Report on Sophos.com.

ADVERTISEMENT

Also Read: Why A Homegrown LLM Is the Next Big Leap for India

Deepa Sharma

Deepa Sharma

Deepa Sharma is CXOVoice’s Managing Editor, overseeing all coverage technology, cybersecurity, banking, and financial coverage. She can be reached at [email protected]

Related Posts

Sophos Cyber Insurance f
Cyber Security

Unlocking Cyber Resilience: Sophos and Capsule Partner to Simplify Cyber Insurance for Businesses

May 21, 2025
Online Scams
Cyber Security

Airtel Launches AI-Powered Security Solution to Protect Customers from Online Scams

May 16, 2025
Secure Browsers
Cyber Security

The Rise of Secure Enterprise Browsers (SEBs): A Game Changer for Remote Work and Endpoint Security by 2028

April 29, 2025
Palo Alto Protect AI
Cyber Security

Palo Alto Networks to Acquire Protect AI, Amplifying AI Security Solutions

April 29, 2025
F-Secure and Orange
Cyber Security

F-Secure teams up with Orange to help protect consumers from online threats and scams

April 24, 2025
Vodafone IBM
Cyber Security

Vodafone and IBM Collaborate to Strengthen Smartphone Security with Quantum-Safe Cryptography

March 3, 2025
Verizon Accenture
Cyber Security

Verizon and Accenture Forge Strategic Alliance to Develop Advance Cybersecurity Solutions for Businesses

March 3, 2025
NTT DATA Palo Alto
Cyber Security

NTT DATA and Palo Alto Networks Strengthen Security for Private 5G in Industrial Deployments

February 27, 2025
Load More
ADVERTISEMENT

Latest Updates

Accenture and SIPAL

Accenture to Acquire SIPAL’s Integrated Product Support Business, Enhancing Engineering Services in Aerospace and Defense

by Deepa Sharma
6 hours ago

HCLTech and UiPath

HCLTech and UiPath Join Forces to Revolutionize Automation and Enhance Business Efficiency Globally

by Deepa Sharma
13 hours ago

(L-R) Amit Kapur, Country Head - UK & Ireland, TCS; Shai Weiss, CEO - Virgin Atlantic Signing the Partnership Document

Virgin Atlantic and TCS Extend Two-Decade Partnership to Modernize Airline Operations

by News Desk
13 hours ago

Michael Gonda

Michael Gonda Named New Executive Vice President and Chief Communications Officer at NIKE

by Deepa Sharma
16 hours ago

ANACITY Partners with Spintly

ANACITY Partners with Spintly to Deploy IoT-Powered Smart Access Mobile Apps Across Commercial Offices

by News Desk
18 hours ago

Lenovo and Bellevue University Team Up to Offer Supply Chain and Logistics Education to Deliver “Smarter Technology for All”

by Businesswire Desk
18 hours ago

Expert Views

Opinion

When AI Empowers Both Networks and Hackers: The New Battlefield for India’s Telecoms

May 20, 2025
Molly Sands AI
AI

AI RIP: 5 Things Knowledge Workers Will Say ‘Sayonara’ to in the Next Decade

March 8, 2025
multi cloud
Cloud

Multi-Cloud Made Simple: Strategies for Smart Business Management

March 5, 2025
Soft Skills
Opinion

Soft Skills and Technical Know-How: A Winning Combination in the Tech Industry

March 4, 2025
Digital Freedom
Cyber Security

Your Data, Their Gold: The Silent Battle for Digital Freedom

February 25, 2025

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Interviews

Steve Wilson, GenAI Cybersecurity LLMs
Cyber Security

How effective is GenAI in cybersecurity? The role of LLMs and AI in security solutions. [Interview with Steve Wilson]

-
Interview on Counterfeit products with Nikhil Narayan
Leaders Talk

Advancements in ML & AI made it possible to detect counterfeit products in real-time, says Nikhil Narayan

-
Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami
Leaders Talk

Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-
AI chatbots, Prasanna-Kumar
Leaders Talk

Can AI chatbots enhance customer experience and reduce the cost of serving customers?

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. Our coverage spans key sectors, including IT, technology, banking, finance, cybersecurity, engineering, and automobiles.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

Copyright © 2025 CXOVoice - All Right Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release

Copyright © 2025 CXOVoice - All Right Reserved