• Hausa Edition
  • Podcast
  • Conferences
  • LeVogue Magazine
  • Business News
  • Print Advert Rates
  • Online Advert Rates
  • Contact Us
Tuesday, July 7, 2026
Leadership Newspapers
No Result
View All Result
  • Home
  • News
  • Politics
  • Business
  • Sport
    • Football
  • Health
  • Entertainment
  • Education
  • Opinion
    • Editorial
    • Columns
  • Others
    • LeVogue Magazine
    • Conferences
    • National Economy
  • Contact Us
Hausa Edition
  • Home
  • News
  • Politics
  • Business
  • Sport
    • Football
  • Health
  • Entertainment
  • Education
  • Opinion
    • Editorial
    • Columns
  • Others
    • LeVogue Magazine
    • Conferences
    • National Economy
  • Contact Us
No Result
View All Result
Leadership Newspapers
No Result
View All Result

56% Of Cyberattacks Bypass Security With Legitimate Logins — Report

Royal Ibeh by Royal Ibeh
1 year ago
in News
Cyber attack officials 1705939922733 1705939922989
Share on WhatsAppShare on FacebookShare on XTelegram

More than half of cyberattacks in 2024 bypassed traditional security defenses by using legitimate login credentials, rather than exploiting system vulnerabilities, a newly released 2025 Sophos Active Adversary Report revealed.

The report, which analysed over 400 cases of Managed Detection and Response (MDR) and Incident Response (IR), revealed that 56 percent of cyberattacks were executed by adversaries simply logging in rather than breaking in.

The findings underscore a growing trend in cybercrime, noting that attackers are moving away from brute-force tactics and system exploits, instead relying on stolen or compromised credentials to access corporate networks undetected.

According to Sophos, compromised credentials were the leading cause of cyber intrusions for the second consecutive year, accounting for 41 percent of all attacks.

This was followed by exploited vulnerabilities (21.79 percent) and brute force attacks (21.07 percent).

The invisibility of credential-based attacks makes them particularly dangerous. Once inside, attackers move quickly.

In cases involving ransomware, data exfiltration, and extortion, the report found that the median time from initial access to data exfiltration was just 3.04 days (72.98 hours).

RELATED NEWS

Kwankwaso Mourns Ex Bauchi Deputy Governor Over Children’s Death

INEC, ICPC Hold Anti-Corruption Training for Staff Ahead of 2027 Elections

Northern Youths Hail Tinubu’s Economic Diplomacy With Mastercard

After data was stolen, organisations had a median of only 2.7 hours before the attack was detected.

“When attackers use stolen credentials, they can blend in with legitimate network traffic, making detection much harder. Organizations need to shift from passive security to active, continuous monitoring. Attackers are evolving, and so must our defense strategies,” the field CISO at Sophos, John Shier explained.

The report also highlighted alarming trends in attacker behaviour. For instance, attackers took a median of just 11 hours from initial access to their first attempt at breaching Active Directory (AD), a critical network asset.

“Ransomware remains a top threat, as Akira was the most frequently encountered ransomware group in 2024, followed by Fog and LockBit.

“Other findings revealed that the median time from an attack’s start to its detection fell from four days to just two in 2024. Remote Desktop Protocol (RDP) is a major weakness, as it was used in 84 percent of cases, making it the most exploited Microsoft tool.

“Attackers also work overnight, as 83 percent of ransomware deployments happened outside normal business hours, allowing cybercriminals to maximize damage before detection,” the report disclosed.

With attackers increasingly using legitimate credentials to bypass security, businesses must prioritise identity protection alongside traditional cybersecurity defenses, even as Sophos recommends that organizations should close exposed RDP ports to limit attack surfaces; implement phishing-resistant MFA to reduce the risk of credential theft and regularly update and patch vulnerable systems, especially internet-facing devices.

“Organisations should also deploy Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR) with 24/7 proactive monitoring and establish and test a comprehensive incident response plan to react quickly to potential intrusions,” Sophos recommended.

As traditional security measures focus on preventing break-ins, attackers are adapting by simply walking through the front door with stolen credentials.

The 2025 Sophos report serves as a warning that strong passwords alone are no longer enough.

Businesses must embrace continuous monitoring, proactive defense strategies, and multi-layered security to keep pace with evolving cyber threats.

We’ve got the edge. Get real-time reports, breaking scoops, and exclusive angles delivered straight to your phone. Don’t settle for stale news. Join LEADERSHIP NEWS on WhatsApp for 24/7 updates →

Join Our WhatsApp Channel

Royal Ibeh

Royal Ibeh

OTHER NEWS UPDATES

Kwankwaso Mourns Ex Bauchi Deputy Governor Over Children’s Death
News

Kwankwaso Mourns Ex Bauchi Deputy Governor Over Children’s Death

4 hours ago
INEC Yet to Receive Funds for 2027 Elections, Says Preparations Ongoing
News

INEC, ICPC Hold Anti-Corruption Training for Staff Ahead of 2027 Elections

4 hours ago
News

Northern Youths Hail Tinubu’s Economic Diplomacy With Mastercard

4 hours ago
Next Post
Nigerian Goalkeeper Osayi Kingdom Joins Swedish Club Assyriska

Nigerian Goalkeeper Osayi Kingdom Joins Swedish Club Assyriska

Advertisement

LATEST UPDATE

Belgium Crush Co-host USA To Reach World Cup Quarter-finals

58 minutes ago

Kwara APC Governorship Aspirants Protest Against AbdulRazaq

3 hours ago

Cross River NDC Unveils Five Strategies Ahead of 2027 Polls

4 hours ago

Kwankwaso Mourns Ex Bauchi Deputy Governor Over Children’s Death

4 hours ago

INEC, ICPC Hold Anti-Corruption Training for Staff Ahead of 2027 Elections

4 hours ago
Load More
Advertisement
Facebook Twitter Instagram Youtube Whatsapp

© 2026 LEADERSHIP Media Group - All Rights Reserved | Hausa | Online Casino.

No Result
View All Result
  • Home
  • News
  • Politics
  • Business
  • Sport
    • Football
  • Health
  • Entertainment
  • Education
  • Opinion
    • Editorial
    • Columns
  • Others
    • LeVogue Magazine
    • Conferences
    • National Economy
  • Contact Us

© 2026 LEADERSHIP Media Group - All Rights Reserved | Hausa | Online Casino.