Attackers target remote work and data storage
New research from internet service provider Beaming shows UK businesses were targeted more than 791,600 times last year and attackers are focused on systems that facilitate remote work and data storage, turning them into high-risk entry points.
Remote desktop and VPN services saw sustained, automated probing throughout 2025. These are the primary targets for ransomware groups who use stolen credentials to infiltrate and encrypt corporate networks to cause total business lockout.
Databases remain a top priority for attackers seeking to exfiltrate sensitive customer records for extortion purposes. These breaches often lead to significant regulatory fines and long-term reputational damage.
Web applications also experienced a surge in automated scanning, where bots hunt for unpatched vulnerabilities. These industrialised attacks can exploit weaknesses within seconds of a flaw being discovered.
Attacks on third-party cloud services and supplier portals rose in 2025. This underlines how dependent businesses are on the security of their partners, as attackers use these portals to move laterally into partner networks.
China remains the largest source of malicious traffic in 2025, frequently exceeding 30,000 unique attacking IP addresses per month. However, Beaming’s latest analysis reveals that the USA has significantly narrowed the gap, now following more closely as a major source of attack infrastructure than in previous years. These two nations, alongside Brazil, India, and Russia, constitute the top five origins of cyber threats reaching UK businesses.
Sonia Blizzard, managing director of Beaming, says, "In 2025, we saw cyberattack activity move from sporadic peaks to a relentless baseline of over 2,000 probes per day. For business leaders, 2026 needs to be the year where cyber resilience stays firmly on the boardroom agenda. It is no longer just about defending the perimeter; it’s about ensuring your organisation can keep operating even when under constant fire."
To counter the threat businesses are advised to audit and secure all internet-facing services, removing or restricting unnecessary ports. They should also enforce multi-factor authentication (MFA) across every remote login and remove direct RDP exposure, adopt conditional access policies that factor in user location and device health, maintain immutable backups and regularly test recovery processes, and review the security controls of third-party vendors as part of routine governance.
You can read more on the Beaming site.
Image credit: BeeBright/Depositphotos.com
