Interviews - News - Analysis: For successful growth with Managed Security Services

Remote services are the most common gateway for cyber criminals

As part of an investigation, Sophos X-Ops analyzed more than 150 incident response (IR) cases that it processed in 2023. What did the experts discover with the data?

Cybercriminals abused Remote Desktop Protocol (RDP) in 90 percent of attacks in 2023, the highest frequency of RDP abuse since Sophos Active Adversary Reports began in 2021. RDP and other external remote services were the most common way to initially access networks in 65 percent of incident response (IR) cases. To make matters worse, compromised credentials were the most common cause of cyberattacks in 2023, responsible for more than 50 percent of IR cases. Despite this high figure, 43 percent of IR cases did not have multi-factor authentication configured, further increasing the vulnerability of the affected systems.