ADVERTISEMENT
TechEconomy
Sunday, June 1, 2025
No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Podcast

Home » Sophos: Cybercriminals Abuse Remote Desktop Protocol (RDP) in 90% of Attacks in 2023

Sophos: Cybercriminals Abuse Remote Desktop Protocol (RDP) in 90% of Attacks in 2023

Staff Writer by Staff Writer
April 5, 2024
in Security
0
John Shier, field CTO, Sophos
John Shier, field CTO, Sophos

John Shier, field CTO, Sophos

RelatedPosts

Cyberdefence SensePost

SensePost debuts SecDevOps: A developer-oriented Security Training Course

May 29, 2025

Check Point to Acquire Veriti Cybersecurity

May 28, 2025
  • Level of RDP Abuse Unprecedented Since Launch of Report in 2020
  • External Remote Services Were the Number-One Way Attackers Initially Breached Networks

Sophos, a global leader of innovative security solutions that defeat cyberattacks, today released the Active Adversary analysis, “It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024.”

The report, which analyzes more than 150 incident response (IR) cases handled by the Sophos X-Ops IR team in 2023, found that cybercriminals abused remote desktop protocol (RDP)—a common method for establishing remote access on Windows systems—in 90% of attacks.

This was the highest incidence of RDP abuse since Sophos began releasing its Active Adversary reports in 2021, covering data from 2020.

In addition, external remote services such as RDP were the most common vector by which attackers initially breached networks; they were the method of initial access in 65% of IR cases in 2023.

External remote services have consistently been the most frequent source of initial access for cybercriminals since the Active Adversary reports were launched in 2020, and defenders should consider this a clear sign to prioritize the management of these services when assessing risk to the enterprise.

“External remote services are a necessary, but risky, requirement for many businesses. Attackers understand the risks these services pose and actively seek to subvert them due to the bounty that lies beyond. Exposing services without careful consideration and mitigation of their risks inevitably leads to compromise. It doesn’t take long for an attacker to find and breach an exposed RDP server, and without additional controls, neither does finding the Active Directory server that awaits on the other side,” said John Shier, field CTO, Sophos.

In one Sophos X-Ops customer case, attackers successfully compromised the victim four times within six months, each time gaining initial access through the customer’s exposed RDP ports.

Once inside, the attackers continued to move laterally throughout the customer’s networks, downloading malicious binaries, disabling endpoint protection, and establishing remote access.

Compromised credentials and exploiting vulnerabilities are still the two most common root causes of attacks. However, the 2023 Active Adversary Report for Tech Leaders, released last August, found that in the first half of that year, for the first time, compromised credentials surpassed vulnerabilities as the most frequent root cause of attacks.

This trend continued through the rest of 2023, with compromised credentials representing the root cause of over 50% of IR cases for the entire year.

When looking at Active Adversary data cumulatively over the years from 2020 through 2023, compromised credentials were also the number one “all-time” root cause of attacks, involved in nearly a third of all IR cases.

Yet despite the historical prevalence of compromised credentials in cyberattacks, in 43% of IR cases in 2023, organizations did not have multi-factor-authentication configured.

Exploiting vulnerabilities was the second most common root cause of attacks, both in 2023 and when analyzing data cumulatively from 2020 through 2023, accounting for the root cause in 16% and 30% of IR cases, respectively.

“Managing risk is an active process. Organizations that do this well experience better security situations than those that don’t in the face of continuous threats from determined attackers. An important aspect of managing security risks, beyond identifying and prioritizing them, is acting on the information. Yet, for far too long, certain risks such as open RDP continue to plague organizations, to the delight of attackers who can walk right through the front door of an organization. Securing the network by reducing exposed and vulnerable services and hardening authentication will make organizations more secure overall and better able to defeat cyberattacks,” said Shier.

The Sophos Active Adversary Report for 1H 2024 is based on more than 150 incident response (IR) investigations spanning the globe across 26 sectors.

Targeted organizations are located in 23 different countries, including the United States, Canada, Mexico, Colombia, the United Kingdom, Sweden, Switzerland, Spain, Germany, Poland, Italy, Austria, Belgium, the Philippines, Singapore, Malaysia, India, Australia, Kuwait, the United Arab Emirates, Saudi Arabia, South Africa, and Botswana.

To learn more about the current adversary landscape, read It’s Oh So Quiet (?): The Sophos Active Adversary Report for 1H 2024 on Sophos.com.

Loading

Advertisements
MTN ADS

Author

  • Staff Writer
    Staff Writer

    View all posts
0Shares
Tags: BinanceChangpeng Zhaofield CTOJohn ShierSophos
Previous Post

Transcorp Pretax Profit Balloons by 93%

Next Post

Five Governance Strategies That Can Help Accelerate AI Opportunity in Africa

Staff Writer

Staff Writer

Related Posts

Cyberdefence SensePost
Security

SensePost debuts SecDevOps: A developer-oriented Security Training Course

by Destiny Eseaga
May 29, 2025
0

Orange Cyberdefence SensePost will be launching a new information security training course aimed at enriching software developers with security thinking....

Read more
Check Point to acquire Veriti

Check Point to Acquire Veriti Cybersecurity

May 28, 2025
Autonomous Cyber threats | Nigeria - Transparent Transformation, Bridging digital divide, Nigerian Businesses and cybersecurity by Oluwole Asalu

Nigeria Must Prepare for the Rise of Autonomous Cyber Threats

May 27, 2025
DDoS and NETSCOUT

Nigeria, Mali Lead West Africa in DDoS Attacks for Late 2024, Says NETSCOUT

May 27, 2025
Airtel Photo AI SPAM ALERT - Copyright - Techeconomy

Airtel AI Spam Alert Service Flags 9.6 million Spam Attempts in Two Months

May 26, 2025
Business security by John Mc Loughlin, J2 Software CEO | Honeypot as a Service

Why We Introduced ‘Honeypot as a Service’ – J2 Software

May 20, 2025
Next Post
Five AI Strategies for Africa by Akua Gyekye

Five Governance Strategies That Can Help Accelerate AI Opportunity in Africa

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Techeconomy Podcast

Techeconomy Podcast
Techeconomy Podcast

Infowave is brought to you by TechEconomy. Every week we will bring new stories from startups and influencers who are shaping and changing the world we live in. We’ll also bring you reports on topics you should know.

Follow us @techeconomyng for more.

TECH TALK EPISODE 2
byTecheconomy

PRODUCTIVITY AND WORK-Life Balance

TECH TALK EPISODE 2
TECH TALK EPISODE 2
May 22, 2025
Techeconomy
CYBERSECURITY ESSENTIALS
April 24, 2025
Techeconomy
Digital Marketing Trends and strategies for 2025 and beyond
February 27, 2025
Techeconomy
Major Lesson for Techies in 2024 and Projections for 2025
December 6, 2024
Techeconomy
Major Lessons for Techies in an AI-Driven World | Techeconomy Business Series Highlights
November 26, 2024
Techeconomy
Maximizing Profitability Through Seasonal Sales: Strategies For Success
November 8, 2024
Techeconomy
Techeconomy Business Series
October 15, 2024
Techeconomy
PRIVACY IN THE ERA OF AI: GETTING YOUR BUSINESS READY
May 30, 2024
Techeconomy
Unravel the Secrets of Marketing Everywhere All At Once with Isaac Akanni from Infobip | Infowave Podcast Episode 1
February 9, 2024
Techeconomy
The Role of Ed-tech in Life Long Learning and Continuous Education
October 19, 2023
Techeconomy
Search Results placeholder

WHAT IS TRENDING

https://www.youtube.com/watch?v=g_MCUwS2woc&list=PL6bbK-xx1KbIgX-IzYdqISXq1pUsuA4dz

Follow Us

  • About Us
  • Contact Us
  • Careers
  • Privacy Policy

© 2025 Techeconomy - Designed by Opimedia.

No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS

© 2025 Techeconomy - Designed by Opimedia.

Translate »
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.