It takes two: The 2025 Sophos Active Adversary Report – Sophos News

The fifth anniversary edition of Sophos’ Active Adversary Report offers deep insights into evolving cyber threats by analysing 413 cases handled by its IR and MDR teams in 2024. The report highlights a shift from ransomware to network breaches as the leading attack type, with dwell time dropping to a median of two days. Compromised credentials remain the top root cause, with LOLBins and remote ransomware attacks on the rise. The report also explores differences in outcomes between monitored (MDR) and unmanaged (IR) environments, revealing significant improvements when active detection is in place. To mark the milestone, Sophos has publicly released its 2024 dataset to foster broader research and collaboration.