Credit: PR Image Factory/Adobe Stock
Most ransomware claims start with threat actors compromising perimeter security appliances like firewalls and VPNs, according to a recent study by Coalition.
Across all ransomware claims in 2024, the most common initial access vectors were stolen credentials at 47% and software exploits at 29%, the data showed, with 45,000 software vulnerabilities predicted for 2025—a rate of nearly 4,000 per month and a 15% jump over the first 10 months of 2024.
“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much—they’re still going after the same tried and true technologies with many of the same methods,” said Alok Ojha, Coalition’s head of products, security.
“This means that businesses can have a reliable playbook, too, and should focus on mitigating the riskiest security issues first to reduce the likelihood of ransomware or another cyber-attack,” he added. “Continuous attack surface monitoring to detect these technologies and mitigate possible vulnerabilities could mean the difference between a threat and an incident.”
Vendors like Fortinet, Cisco, SonicWall, Palo Alto Networks and Microsoft build the most commonly compromised products, according to the study.
Other key takeaways…
- The majority of ransomware claims started with threat actors compromising perimeter security appliances (58%) or remote desktop software (18%).
- Exposed logins are an underappreciated driver of ransomware risk. Coalition detected over five million internet-exposed remote management solutions and tens of thousands of exposed login panels across the internet.
- AI-driven risk prioritization can address notification fatigue. Coalition sent Zero-Day Alerts for just 0.15% of all vulnerabilities published in the first 10 months of 2024.
- Most proactive alerts sent by Coalition in 2024 concerned configuration issues, such as exposed login panels, exposed services, and risky technologies.
Meanwhile, the cyber insurance market peaked at roughly $17.77 billion in 2024 and is projected to reach $21.67 billion in 2025.
“The cyber insurance market is ever changing with new insurance companies entering the market and others departing,” said Arthur Armstrong, a partner in Reed Smith’s insurance recovery group.
“Likewise, policy forms are continuously evolving to address new and different cyber risks,” he added. “Unfortunately, this has led to more exclusions and sublimits that negatively affect cyber coverage overall. A policyholder should work with an experienced broker to ensure that it is obtaining appropriate coverage with respect to scope and available policy limits.”
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.