Attackers Exploit Remote Services in 56% of Cases: Sophos Report
In its latest report, Sophos has shed light on the tactics and techniques used by attackers to breach networks. The 2025 Sophos Active Adversary Report reveals that in 56% of cases, attackers gained initial access to networks by exploiting external remote services. This finding highlights the importance of securing remote access to networks and the need for organizations to implement robust security measures to prevent these types of attacks.
The report analyzed data from over 400 Managed Detection and Response (MDR) and Incident Response (IR) cases in 2024, providing valuable insights into attacker behavior and techniques. The research found that attackers often use legitimate login credentials to gain access to networks, rather than resorting to more traditional methods such as phishing or social engineering.
The report’s findings are a wake-up call for organizations, which often focus on securing their networks from external threats. While network perimeter security is essential, the report shows that attackers are increasingly exploiting remote services to gain access to networks. This highlights the need for a more comprehensive approach to security, one that includes measures to protect remote access to networks.
So, what are remote services, and how can attackers exploit them?
What are Remote Services?
Remote services are external services that allow users to access a network or system from outside the organization. These services can include remote desktop protocols (RDP), virtual private networks (VPNs), and web-based applications. While remote services provide convenience and flexibility, they also create a potential entry point for attackers.
How Attackers Exploit Remote Services
Attackers often exploit remote services by using stolen or weak login credentials to gain access to networks. This can be done by:
- Stealing credentials: Attackers can steal login credentials through phishing, social engineering, or by compromising other systems that share the same login credentials.
- Guessing passwords: Attackers can use brute-force techniques or automated tools to guess login credentials.
- Exploiting vulnerabilities: Attackers can exploit vulnerabilities in remote services, such as outdated software or unpatched flaws, to gain access to networks.
Once attackers gain access to a remote service, they can use it to move laterally within the network, stealing data, installing malware, or creating backdoors for future access.
Consequences of Attacker Exploitation of Remote Services
The consequences of attacker exploitation of remote services can be severe, including:
- Data breaches: Attackers can steal sensitive data, including financial information, personal identifiable information (PII), and intellectual property.
- Network disruption: Attackers can use remote services to disrupt network operations, causing downtime, slow performance, or complete network outages.
- Malware spread: Attackers can use remote services to spread malware, including ransomware, botnets, and other types of malicious software.
- Compliance and reputational risks: Breaches of remote services can result in compliance and reputational risks, including fines, penalties, and damage to an organization’s reputation.
Mitigating the Risk of Remote Service Exploitation
To mitigate the risk of remote service exploitation, organizations should take the following steps:
- Implement strong authentication: Require strong authentication, such as multi-factor authentication, for all remote services.
- Use secure protocols: Use secure protocols, such as SSL/TLS, to encrypt data transmitted over remote services.
- Keep software up-to-date: Keep remote services and underlying software up-to-date with the latest security patches and updates.
- Monitor remote services: Monitor remote services for suspicious activity and implement measures to detect and respond to attacks.
- Limit access: Limit access to remote services to only those who need it, and use role-based access control to restrict privileges.
Conclusion
The Sophos report highlights the importance of securing remote services to prevent attackers from exploiting them. By implementing robust security measures, organizations can reduce the risk of remote service exploitation and protect their networks and data from cyber threats. As the report shows, attackers are increasingly using legitimate login credentials to gain access to networks, making it essential for organizations to prioritize strong authentication and access control.
News Source:
