Ransomware Gangs Using VPNs and EDR as Security Workarounds

When was the last time you asked yourself how many cameras you have in your business? On your laptops, your security systems, your phones. When was the last time you thought about those as vulnerabilities? As trends like Business Email Compromise (BEC) and ransomware continue to evolve, you might want to get a little more into the conspiracy theories you're hearing about that FBI agent living in your phone. Because threat actors are using your cameras and microphones to access your sensitive data. Don't believe me? You might be a part of the problem. Check it out for yourself.

Background on the Issue - The Skinny 

Cybersecurity threats are constantly evolving; we know this. But while new tactics are evolving, Business Email Compromise (BEC) and ransomware attacks are rising at an alarming rate, fueled by vulnerabilities in Virtual Private Networks (VPNs) and human error.

One of the most striking findings in the 2025 Arctic Wolf Threat Report is that 45% of ransomware and BEC attacks were detected at the intrusion stage—before damage occurred. This means attackers were already inside systems but had not yet deployed their malicious actions. The manufacturing industry continues to be the hardest hit by ransomware (pg. 9), while BEC is rampant across multiple sectors, with the majority of initial intrusions traced back to compromised credentials and phishing attacks (pg. 25, 27).

The report also highlights a staggering statistic: 99.2% of attacks still rely on human error or weak access points (pg. 5). Cybercriminals no longer need to "kick down the door" when they can either steal the key or find it already unlocked. VPN credentials and unsecured Remote Desktop Protocol (RDP) are among the top entry points for ransomware actors. Meanwhile, phishing and previously compromised credentials fuel most BEC attacks. Without phishing-resistant multi-factor authentication (MFA) and strict access controls, companies remain highly vulnerable.

Adding to the complexity is the emergence of new ransomware variants like Fog, a reimagined version of the infamous Conti ransomware. These evolved threats demonstrate that attackers are shifting tactics—not just stealing or encrypting data but finding new ways to infiltrate and exploit businesses before detection.

How This Impacts Your Business

Endpoint Vulnerability: Everything Is a Target

The attack surface is rapidly evolving, and endpoint security is more critical than ever. Almost every piece of hardware in a business environment (computers, cell phones, tablets, security cameras) has some level of vulnerability. The flexibility companies provide their employees in setting up their workspaces, including the ability to add personal webcams or other connected devices, creates new entry points for cyber threats.

The Evolution of Attack Vectors

Cybercriminals are continuously adapting. Ten years ago, Target was breached through its HVAC system, a third-party vulnerability that allowed attackers to infiltrate payment data. Fast forward to today, and third-party webcams or unsecured IoT devices could be the next major bypass method, sidestepping endpoint detection and response (EDR) tools.

SIEM vs. EDR: What's More Foundational?

Security Information and Event Management (SIEM) tools aggregate data and detect threats based on patterns, while Endpoint Detection and Response (EDR) tools focus on real-time endpoint security. But with the rising sophistication of attacks, is SIEM becoming the more foundational element of cybersecurity? While EDR is excellent for immediate endpoint protection, SIEM is proving crucial for identifying how and where attacks originate before they escalate into full-blown breaches.
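
An added illustration of the SIEM-versus-EDR point above (not from the original post or the Arctic Wolf report): a correlation a SIEM can run that EDR alone cannot, flagging internal devices with no EDR agent, such as a webcam or other IoT device, that talk SMB or RDP to other hosts. The log format, IP addresses, inventory and function names are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; none of it comes from a real environment.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
EDR_INVENTORY = {"10.0.1.20", "10.0.1.21", "10.0.2.5"}  # hosts with a reporting EDR agent
WATCHED_PORTS = {445: "SMB", 3389: "RDP"}

# Constructed flow records as a SIEM might ingest them from a firewall or switch:
# timestamp src_ip dst_ip dst_port bytes
FLOW_LOG = """\
2025-03-01T02:10:04Z 10.0.1.20 10.0.2.5 445 18432
2025-03-01T02:11:30Z 10.0.3.77 10.0.2.5 445 52428800
2025-03-01T02:11:42Z 10.0.3.77 10.0.2.5 445 73400320
2025-03-01T02:12:01Z 10.0.1.21 10.0.2.5 3389 9216
2025-03-01T02:12:15Z 10.0.3.77 10.0.1.21 3389 4096
2025-03-01T02:13:00Z 203.0.113.9 10.0.2.5 3389 2048
"""

def parse_flows(text):
    """Yield one dict per well-formed flow line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[3].isdigit() and parts[4].isdigit()):
            continue
        ts, src, dst, port, nbytes = parts
        yield {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}

def unmanaged_sources(flows, edr_inventory, watched_ports=WATCHED_PORTS):
    """Summarise SMB/RDP traffic from internal sources that have no EDR agent."""
    findings = defaultdict(lambda: {"protocols": set(), "targets": set(), "bytes": 0})
    for f in flows:
        if f["port"] not in watched_ports:
            continue
        if ipaddress.ip_address(f["src"]) not in INTERNAL_NET:
            continue  # external sources are outside this EDR-coverage check
        if f["src"] in edr_inventory:
            continue  # endpoint is covered; EDR telemetry applies here
        hit = findings[f["src"]]
        hit["protocols"].add(watched_ports[f["port"]])
        hit["targets"].add(f["dst"])
        hit["bytes"] += f["bytes"]
    return dict(findings)

if __name__ == "__main__":
    for src, hit in unmanaged_sources(parse_flows(FLOW_LOG), EDR_INVENTORY).items():
        print(src, sorted(hit["protocols"]), sorted(hit["targets"]), hit["bytes"])
```

In the constructed data only 10.0.3.77 is reported: it has no agent in the inventory, so its traffic is visible only in the aggregated network logs.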

How Centre Can Help

We understand the shifting threat landscape and work to ensure our clients stay ahead of cybercriminal tactics. Our approach includes:

  • Implementing Phishing-Resistant MFA: Strengthening authentication processes to prevent unauthorized access.
  • Securing VPN and RDP Access: Ensuring all remote access points are locked down and monitored continuously.
  • Enhancing Endpoint Security: Providing next-gen security solutions to protect against threats targeting IoT devices, webcams, and other peripherals.
  • Proactive Threat Hunting: Leveraging SIEM and EDR together to detect and respond to suspicious activities before they escalate.
  • Regular Security Training: Educating employees to recognize phishing, BEC attempts, and other social engineering tactics.

The cybersecurity battle is ongoing, and businesses must remain vigilant. By prioritizing proactive security measures, companies can mitigate risks and prevent costly breaches before they happen. Let’s work together to build a resilient defense against evolving threats. Contact us if you need any help getting started!
Originally published on April 1, 2025

About the Author

Emily Kirk

Creative content writer and producer for Centre Technologies. I joined Centre after 5 years in Education where I fostered my great love for making learning easier for everyone. While my background may not be in IT, I am driven to engage with others and build lasting relationships on multiple fronts. My greatest passions are helping and showing others that with commitment and a little spark, you can understand foundational concepts and grasp complex ideas no matter their application (because I get to do it every day!). I am a lifelong learner with a genuine zeal to educate, inspire, and motivate all I engage with. I value transparency and community so lean in with me—it’s a good day to start learning something new!