Sophos Threat Report 2025

The Sophos Annual Threat Report 2025 reveals ransomware remains the top threat to small and midsized businesses, with compromised network edge devices and evolving social engineering tactics posing significant risks. Key findings include rising costs of attacks, increased business email compromise, and the exploitation of unpatched vulnerabilities like CVE-2024-40711.

Keypoints

  • Annual cybersecurity reports typically include an introduction, data sources explanation, analysis of cybercrime trends, detailed sections on attack techniques, notable vulnerabilities, conclusions, and appendices with technical details.
  • The Sophos Report presents data collected from endpoint telemetry and incident response cases specifically focusing on small and midsized businesses during 2024.
  • Ransomware accounted for 70% of incidents in small businesses and over 90% in midsized organizations, remaining the leading cyber threat.
  • Although ransomware attacks slightly declined in frequency, their overall financial impact has increased according to Sophos’ State of Ransomware data.
  • Compromised network edge devices such as firewalls and VPN appliances were involved in roughly 25-33% of initial compromises, highlighting the risk from misconfigured or outdated hardware and software.
  • Software-as-a-service platforms are increasingly exploited for social engineering and malware deployment, reflecting evolving attacker tactics.
  • Business email compromise activity is rising, especially through MFA phishing techniques that capture credentials and authentication tokens in real time.
  • Mobile threats involving fraudulent apps and scams via SMS and messaging contribute to cyber risks faced by small and midsized businesses.
  • Published vulnerabilities such as CVE-2024-40711 in Veeam backup software are rapidly weaponized, often exploited within weeks of disclosure, contributing to initial access for ransomware and other malicious actors.
  • Recurring themes include the exploitation of unpatched systems, adversarial AI in attacks, and the continued prevalence of social engineering methods like Teams vishing and quishing.
  • The report underscores the importance of patch management, network device security, and enhanced detection strategies to mitigate evolving cybercrime patterns.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
