According to the latest report from cybersecurity firm Sophos, ransomware emerged as the predominant form of cyberattack in 2023, constituting 70% of total attacks on businesses. The Sophos Active Adversary Report, which analyzed over 150 incident response (IR) cases handled by the Sophos X-Ops IR team, highlighted that Network Breach retained its position with a 19% occurrence rate in 2023. Interestingly, many network breaches were suspected to be unsuccessful ransomware attacks.
Sophos noted that network breaches spiked above the yearly average during quarters with lower ransomware prevalence. Remote Desktop Protocol (RDP) abuse surged, with cybercriminals exploiting RDP—a common method for remote access on Windows systems—in 90% of attacks, marking the highest incidence since Sophos began its reports in 2021. External remote services, including RDP, were attackers’ primary initial access point in 65% of IR cases in 2023.
John Shier, field CTO at Sophos, emphasized the necessity of managing the risks associated with external remote services, as attackers actively target them due to the potential for compromise. Compromised credentials and vulnerability exploitation remained the top causes of attacks, with compromised credentials surpassing vulnerabilities as the most frequent root cause for the first time in the first half of 2023. Despite this, multi-factor authentication was not configured in 43% of IR cases in 2023, underscoring the importance of implementing robust security measures.
The report covered organizations in 23 countries, highlighting the global nature of cyber threats and the need for comprehensive cybersecurity strategies across industries and regions.
