As 2024 came to a close, cybersecurity experts sounded the alarm on a rising tide of digital threats aimed squarely at small and medium-sized businesses (SMBs). A new report from Sophos Managed Detection and Response (MDR) reveals a troubling shift in the cybercrime landscape, where edge network devices such as VPN appliances and firewalls are being exploited as primary points of entry into corporate networks. These previously overlooked endpoints are now among the most vulnerable and most frequently targeted components in an organization’s infrastructure.
Alongside these network-based attacks, cybercriminals are evolving their social engineering strategies to bypass traditional defenses, leveraging tools like Microsoft Teams, QR codes, and even generative AI to exploit human error. Meanwhile, remote ransomware attacks — where the attack originates outside the network perimeter — have surged, marking a dramatic change in how attackers infiltrate and encrypt valuable data.
Let’s break down the key findings from this critical research and what it means for the future of cybersecurity.
Key Takeaways from the 2024 Cybersecurity Threat Landscape
- Network edge devices were the initial compromise point in 30% of SMB cybersecurity incidents.
- VPN appliances alone accounted for 19% of all breach vectors, and were involved in 25% of ransomware and data exfiltration cases.
- Devices like VPNs and firewalls are frequently unprotected by Endpoint Detection and Response (EDR) tools, making them low-hanging fruit for threat actors.
- Sophos emphasizes the importance of proper lifecycle management of all exposed systems — including regular updates and decommissioning unsupported hardware.
- A significant 34% of breaches involved legitimate remote access tools, with attackers frequently using trial or pirated software versions to bypass detection.
- Tools like PsExec, AnyDesk, and ScreenConnect were the most abused in these operations.
- Remote ransomware attacks saw a 50% increase from 2023, and a staggering 141% increase since 2022.
- These attacks often originate from unmanaged devices, avoiding direct interaction with traditional security layers, and encrypt shared files over network connections without detection.
- While overall attack volume decreased slightly, ransomware and data theft still made up nearly 30% of tracked incidents, remaining the top threat.
- Attackers refined their social engineering techniques in 2024, with new trends including:
  - MS Teams vishing, where attackers used Teams calls to follow up on phishing emails.
  - MFA phishing powered by platforms like EvilProxy and Tycoon, capable of real-time token capture.
  - Generative AI tools were widely used to create convincing phishing lures, including fake profiles and sophisticated multilingual communication.
  - Quishing attacks — phishing using QR codes — became a common method to bypass email filters and EDRs.
What Undercode Say:
The surge in attacks targeting edge network devices reflects a broader shift in the cybersecurity threat model. Traditional defenses, like EDR and antivirus solutions, were once enough to secure internal endpoints. But the reality of today’s decentralized, hybrid work environments — with a patchwork of VPNs, remote access tools, and cloud apps — demands a more holistic approach.
Attackers are demonstrating a deep understanding of enterprise vulnerabilities, not just in systems, but in human behavior and organizational gaps. For instance, VPNs and firewalls, which often operate without endpoint security monitoring, have become the soft underbelly of many networks. Organizations that fail to patch or retire these devices essentially leave the backdoor open for ransomware groups and access brokers.
Remote access tools like AnyDesk and ScreenConnect — legitimate software used by IT departments — are being turned against companies. Cybercriminals exploit these tools not just for entry but for persistence and lateral movement. Worse yet, the use of pirated or trial versions means they often go unnoticed by licensing systems or detection tools. This challenges the industry to look beyond traditional malware signatures and focus on behavior-based analytics.
Remote ransomware adds another layer of stealth. These attacks, originating from outside the endpoint protection sphere, avoid executing ransomware on the target system altogether. By exploiting shared folders and network connections, they operate in a shadow zone where detection is significantly harder. It’s an evolution in tactics that underscores the importance of not just protecting devices, but also securing how they connect and communicate.
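Added example (not from the Sophos report or the original article): one way to surface the remote-encryption pattern described above from file-server audit data, by flagging sources that rewrite many distinct shared files within a short window and ranking sources absent from the managed-device inventory first. The event layout, IP addresses, inventory, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MANAGED_HOSTS = {"10.0.0.21", "10.0.0.22"}  # assumed endpoint-protection inventory
WINDOW = timedelta(seconds=60)              # assumed sliding window
THRESHOLD = 5                               # distinct files per window; tune to baseline


def build_sample():
    """Constructed audit events: (timestamp, source_ip, operation, share_path)."""
    t0 = datetime(2024, 11, 5, 9, 0, 0)
    events = [
        (t0, "10.0.0.21", "WRITE", "finance/q3.xlsx"),
        (t0 + timedelta(seconds=400), "10.0.0.21", "WRITE", "finance/q4.xlsx"),
        (t0 + timedelta(seconds=30), "10.0.0.22", "READ", "hr/policy.docx"),
    ]
    # Managed host doing a legitimate bulk save (still flagged, lower priority).
    events += [(t0 + timedelta(seconds=200 + i), "10.0.0.22", "WRITE",
                f"hr/form{i}.docx") for i in range(5)]
    # Unmanaged host rewriting many shared files within seconds.
    events += [(t0 + timedelta(seconds=100 + i), "10.0.0.99", "WRITE",
                f"finance/doc{i}.xlsx") for i in range(8)]
    return events


def detect(events, managed=MANAGED_HOSTS, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: {"peak": n, "managed": bool}} for sources over threshold."""
    recent = defaultdict(deque)  # source -> (timestamp, path) pairs inside the window
    alerts = {}
    for ts, src, op, path in sorted(events):
        if op not in ("WRITE", "RENAME"):
            continue  # reads do not alter shared data
        q = recent[src]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()  # drop events older than the window
        distinct = len({p for _, p in q})
        if distinct >= threshold:
            peak = max(distinct, alerts.get(src, {"peak": 0})["peak"])
            alerts[src] = {"peak": peak, "managed": src in managed}
    return alerts


def triage(alerts):
    """Order sources for review: unmanaged first, then by peak volume."""
    return sorted(alerts, key=lambda s: (alerts[s]["managed"], -alerts[s]["peak"]))


if __name__ == "__main__":
    found = detect(build_sample())
    for src in triage(found):
        print(src, found[src])
```
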
Then there’s the social engineering front. The sophistication on display in 2024 is unlike anything seen before. From deepfake communications to AI-generated phishing content, attackers are blending technical and psychological tactics to breach defenses. QR code-based quishing campaigns are especially clever — exploiting both the limitations of traditional email filters and the curiosity of end-users. And with the rise of MFA, adversaries aren’t giving up — they’re innovating, using real-time phishing kits to steal one-time passwords before they expire.
It’s clear the threat landscape is becoming more dynamic, more targeted, and far more creative. The biggest takeaway? Security is no longer about just securing endpoints — it’s about securing identities, access points, communications platforms, and even user behavior. Organizations, particularly SMBs with limited budgets, must reassess their approach and consider solutions like Zero Trust frameworks, stronger patch management, continuous employee training, and real-time behavioral threat detection to stay ahead of increasingly resourceful adversaries.
Fact Checker Results:
- VPN exploitation and remote access tool abuse were the most common entry points in SMB attacks in 2024, confirmed by Sophos MDR data.
- Remote ransomware attacks have indeed risen by over 50% YoY, aligning with industry trends toward stealthier, fileless intrusions.
- Generative AI and social engineering innovations are increasingly weaponized by attackers, reflecting a real and rapidly growing concern in cybersecurity.
References:
Reported By: www.infosecurity-magazine.com





