Coalition published its Cyber Threat Index 2025, detailing insights on
cybersecurity trends from 2024 and emerging threats businesses should be
aware of in 2025. According to the report, most ransomware claims in 2024
started with threat actors compromising perimeter security appliances
(58%), like virtual private networks (VPNs) or firewalls. Remote desktop
products were the second-most exploited (18%) for ransomware attacks.
"While ransomware is a serious concern for all businesses, these
insights demonstrate that threat actors' ransomware playbook hasn't
evolved all that much - they're still going after the same tried and true
technologies with many of the same methods," commented Alok Ojha,
Coalition's Head of Products, Security. "This means that businesses can
have a reliable playbook, too, and should focus on mitigating the
riskiest security issues first to reduce the likelihood of ransomware or
another cyber attack. Continuous attack surface monitoring to detect
these technologies and mitigate possible vulnerabilities could mean the
difference between a threat and an incident."
Other key findings from the report include:
- The total number of published software vulnerabilities will increase to over 45,000 in 2025, a rate of nearly 4,000 per month and a 15% jump over the first 10 months of 2024.
- Across all ransomware claims, the most common initial access vectors (IAVs) were stolen credentials (47%) and software exploits (29%). Vendors such as Fortinet®, Cisco®, SonicWall®, Palo Alto Networks®, and Microsoft® build the most commonly compromised products.
- Exposed logins are an underappreciated driver of ransomware risk. Coalition detected over 5 million internet-exposed remote management solutions and tens of thousands of exposed login panels across the internet. When applying for cyber insurance, most businesses (65%+) had at least one internet-exposed web login panel.
"This year's report focuses on the most crucial security risks that
under-resourced organizations should understand to better calibrate
their defensive investments to bolster resilience," said Daniel Woods,
Senior Security Researcher at Coalition. "Calibration involves balancing
security investment across vulnerabilities, misconfigurations, and
threat intelligence while also responding to emerging threats, such as
zero-day vulnerabilities exploited in the wild. That's why Coalition
issues Zero-Day Alerts to help businesses, especially SMBs with limited
security resources, stay ahead of these vulnerabilities and reduce alert
fatigue by prioritizing those posing the greatest risk."
Coalition employs artificial intelligence, honeypots, and human judgment to prioritize high-risk vulnerabilities based on their likelihood of exploitation.
This risk prioritization reduces alert fatigue for policyholders and
helps them focus on the most critical risks. Policyholders received
critical alerts for just 0.15% of vulnerabilities published in the first
ten months of 2024, and 90% never received an alert at all. These
timely notifications enabled Coalition customers to remediate over
32,000 vulnerabilities last year.
To read Coalition's full findings and download the report, visit: https://web.coalitioninc.com/DLC-Cyber-Threat-Index-2025.html.