Coalition’s latest Cyber Threat Index shows 58% of ransomware claims last year stemmed from criminals compromising “perimeter security” such as virtual private networks or firewalls. 

Remote desktop products were the second most exploited tools, making up 18% of ransomware claims last year.

“Threat actors’ ransomware playbook hasn’t evolved all that much – they’re still going after the same tried and true technologies with many of the same methods,” Coalition head of products, security Alok Ojha said.  

“Businesses can have a reliable playbook too, and should focus on mitigating the riskiest security issues first.”

He recommends continuous attack surface monitoring of these technologies and action to mitigate vulnerabilities.

Coalition expects the number of published software vulnerabilities to rise to more than 45,000 this year, up 15% on the first 10 months of last year.

The cyber specialist underwriting agency says exposed logins are “an underappreciated driver of ransomware risk”.  

It has detected more than 5 million internet-exposed remote management solutions and tens of thousands of exposed login panels online.

“This year’s report focuses on the most crucial security risks that under-resourced organisations should understand to better calibrate their defensive investments to bolster resilience,” Coalition security researcher Daniel Woods said.  

The agency operates in Australia, the US, UK, Canada and Germany.  

See the Cyber Threat Index 2025 here.