
Perimeter Security Under Siege
Compromised perimeter security devices, particularly VPNs, accounted for 58% of all ransomware attack initial access vectors in 2024, according to cyber security insurance provider Coalition’s latest annual threat report. This alarming statistic highlights how threat actors continue to target vulnerable network boundaries as their preferred entry point for launching devastating cyberattacks against businesses of all sizes.
Coalition, which expanded its Active Insurance policies to the UK in 2022, found that remote desktop products ranked second, responsible for 18% of ransomware claims. This data confirms that attackers are maintaining consistent strategies rather than developing entirely new techniques.
“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much – they’re still going after the same tried and true technologies with many of the same methods,” explained Alok Ojha, Coalition’s head of security products.
Industry Giants in the Crosshairs
The report revealed that major cybersecurity vendors’ products were frequently compromised, including solutions from Cisco, Fortinet, Microsoft, Palo Alto Networks, and SonicWall. Threat actors most often gained initial access to networks through stolen credentials (47%) and software exploits (29%).
Coalition’s analysis specifically highlighted exposed login credentials as an increasingly critical but underappreciated ransomware risk factor. Their research uncovered more than five million exposed remote management solutions and tens of thousands of login panels visible on the public internet. Most concerning, approximately 65% of cyber insurance applicants had at least one internet-exposed web login panel.
Most Vulnerable Access Points
VPN admin login panels from Cisco and SonicWall represented over 19% of all detected exposed panels, followed closely by Microsoft email services. Coalition also observed numerous exposed Citrix panels throughout 2024, which contributed to significant financial losses.
The report specifically mentioned the infamous Change Healthcare incident in the United States, where attackers used stolen Citrix credentials combined with inadequate authentication protections to access critical systems, resulting in damages exceeding one billion dollars.
“This means that businesses can have a reliable playbook too, and should focus on mitigating the riskiest security issues first to reduce the likelihood of ransomware or another cyber attack,” Ojha emphasized. “Continuous attack surface monitoring to detect these technologies and mitigate possible vulnerabilities could mean the difference between a threat and an incident.”
Vulnerability Explosion Expected in 2025
Coalition provides zero-day alerts to its customers when new vulnerabilities emerge and continuously monitors for emerging threats. Their report highlighted widespread vulnerabilities affecting Citrix, Fortinet, Ivanti, and Palo Alto Networks products throughout 2024.
Looking ahead to 2025, Coalition analysts project a dramatic 15% increase in published vulnerabilities, potentially exceeding 45,000 total CVEs at a rate of nearly 4,000 new vulnerabilities monthly. This projection aligns with data from the Forum of Incident Response and Security Teams (FIRST), which suggests vulnerability counts might surpass 50,000 this year.
Several factors contribute to this vulnerability explosion, including new participants in the CVE ecosystem, evolving disclosure compliance requirements, and rapidly expanding attack surfaces across the digital landscape.
Targeted Defense Strategies Critical for SMEs
Daniel Woods, senior security researcher at Coalition, emphasized the importance of strategic security investments: “This year’s report focuses on the most crucial security risks that under-resourced organisations should understand to better calibrate their defensive investments to bolster resilience.”
Woods further explained that effective security requires balancing investments across vulnerability management, configuration hardening, and threat intelligence while maintaining agility to respond to emerging threats like zero-day vulnerabilities actively exploited in the wild.
For small and medium enterprises with limited security resources, Coalition provides targeted Zero-Day Alerts to help prioritize vulnerabilities presenting the greatest immediate risk, reducing alert fatigue while maximizing protection against the most critical threats.
By focusing on securing perimeter devices, implementing multifactor authentication, and continuously monitoring for exposed credentials, organizations can significantly reduce their ransomware risk profile despite the growing threat landscape.