Report Highlights How Businesses Can Reduce Cyber Risk as Threats Persist
Coalition, an active insurance provider, has released its Cyber Threat Index 2025, shedding light on the dominant cybersecurity threats from 2024 and what to expect in the coming year. The report reveals that most ransomware incidents in 2024 began with compromised virtual private networks (VPNs) and firewalls (58%), with remote desktop software accounting for another 18%. Despite rising attack volumes, attackers are relying on well-established tactics rather than innovating new ransomware techniques.
“While ransomware is a serious concern for all businesses, these insights demonstrate that threat actors’ ransomware playbook hasn’t evolved all that much—they’re still going after the same tried and true technologies with many of the same methods,” said Alok Ojha, Coalition’s Head of Products, Security.

Ransomware Attack Methods Remain Largely Unchanged
Coalition’s report shows that stolen credentials (47%) and software exploits (29%) were ransomware attacks’ most common entry points. Hackers frequently target products from Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft, exploiting known security gaps.
Exposed login credentials continue to be a major weak point. Coalition identified over 5 million internet-exposed remote management tools and thousands of publicly accessible login panels, many of which could provide attackers with an easy entry into critical systems. Alarmingly, 65% of businesses had at least one exposed web login panel when applying for cyber insurance.
Software Vulnerabilities Expected to Soar in 2025
The report predicts that researchers will publish over 45,000 software vulnerabilities in 2025, a 15% increase from 2024. In the first ten months of 2024, Coalition sent Zero-Day Alerts (ZDAs) for only 0.15% of critical vulnerabilities.
Security researchers emphasized the importance of addressing vulnerabilities in perimeter security appliances. The report highlights that Ivanti, Palo Alto Networks, Fortinet, and Citrix devices were most frequently exploited for remote code execution and network infiltration.
The Cost of Security Negligence
The Change Healthcare ransomware attack in early 2024 was a high-profile example of how misconfigured login panels and weak authentication can lead to massive financial losses and reputational harm, not to mention the impact on people. Attackers gained access through a Citrix login panel lacking multi-factor authentication (MFA). This resulted in over $1.6 billion in damages and widespread disruption to healthcare providers.
Similarly, flaws in Ivanti’s Connect Secure VPN were actively exploited, forcing federal agencies to take emergency actions. Coalition warned policyholders 50 days before government agencies issued alerts, demonstrating the value of proactive security monitoring.
How Businesses Can Reduce Their Risk
Coalition advises businesses to focus on three key security measures to reduce ransomware risks:
- Secure Remote Access – Implement MFA, restrict exposed login panels, and remove remote desktop access from public networks.
- Prioritize Software Updates – Patch known vulnerabilities in VPNs, firewalls, and remote access software.
- Enhance Employee Security Awareness – Train staff to recognize phishing and social engineering tactics.
Daniel Woods, Senior Security Researcher at Coalition, emphasized that businesses—especially SMBs—must balance security investment across vulnerabilities, misconfigurations, and emerging threats to strengthen resilience.
“Calibration involves balancing security investment across vulnerabilities, misconfigurations, and threat intelligence while also responding to emerging threats,” said Woods.
Looking Ahead: 2025 and Beyond
The Coalition Cyber Threat Index 2025 report makes it clear that ransomware attackers continue to rely on old tactics. That means businesses can stay ahead by securing common entry points. The growing number of software cybersecurity threats underscores the importance of proactive monitoring, timely patching, and continuous attack surface management.