Ahead of DTX London, Thom Langford, CTO EMEA, Rapid7, previews how Exposure Management and 24/7 MDR (Stand G62) will help organisations cut through ransomware threats and alert fatigue.
We will be showcasing our Exposure Management solutions at stand G62.
These solutions offer a clear and proactive view of your attack surface.
Additionally, we’ll demonstrate our Managed Detection and Response (MDR), which ensures 24/7 threat detection and response to stop attacks faster.
Join us on Day 1 for an exclusive happy hour as part of DTX’s Oktoberfest promotion.
It’s the perfect opportunity to network, unwind, and discuss your security challenges in a more relaxed setting.
We look forward to seeing you there!
It probably seems like I’m taking the easy way out here, but it has to still be ransomware. Before you judge me, here’s why.
Rapid7’s latest figures show that in Q1 and Q2 of 2025 they tracked 96 unique ransomware groups active in the first half of the year, up from 68 in the first half of 2024.
It’s clear that access has become a commodity, with initial access brokers now selling footholds or credentials so ransomware crews don’t even have to put in the hard work to break in themselves.
Initial access is now an industrial-scale ecosystem.
Alongside these threats and the increasing frequency of attacks, organisations are surrounded by a barrage of alerts. It’s getting a lot harder to cut through the noise.
It is vital that organisations look to curated intelligence that separates signals from the noise and highlights low-frequency but high-impact activity. This is key to help prioritise in an increasingly complex world of defence.
With context built into daily workflows, security teams can stop chasing ghosts and start focusing on what truly reduces risk.
The real story today shows that it still isn’t fancy malware that’s working the best. Instead, attackers are thriving off the simple techniques like credential abuse and exploitation of exposed services.
Rapid7’s incident response data tells us that the single most common initial access vector is valid accounts used without MFA, which accounted for about 56% of all breach cases in Q1 2025.
Rapid7 also found that 71.4% of access broker sales include a level of privilege, with 10% offering bundles containing multiple access vectors and/or privileges.
Today’s attackers don’t need to force their way in with noisy malware campaigns; instead, they see success quietly walking through the front door with stolen and weak credentials.
Rapid7’s research shows that the most common techniques involve valid accounts without sufficient multi-factor authentication, particularly VPN, Domain User and exposed RDP services.
These access methods allow adversaries to immediately blend in with normal user traffic, often with administrative privileges attached, making detection difficult, all for the low, low price of $500 in some cases.
From there, they can set the stage for ransomware or data theft.
At Rapid7, we’re seeing AI reshape today’s threat landscape in meaningful ways.
On the positive side, AI is helping security teams to detect anomalies faster and respond with richer context.
However, the same technology is also being weaponised by attackers.
We’re seeing criminals use AI to scale their operations and automate reconnaissance.
Their attacks are also becoming harder to spot. Take phishing, for example: increasingly convincing messages in multiple languages or even voice clones that feel authentic are being sent in increasingly large volumes to potential victims.
Ransomware operators are taking a similar approach and are combining well-worn tactics like exploiting unpatched systems or weak MFA with AI scanning that helps them move faster and adapt in real time.
Just as employees utilise LLMs to make their jobs easier, so do cybercriminals, who can use them to generate malicious code. The code doesn’t have to be particularly well written or robust; it just has to work once!
The key for defenders is to recognise that AI is not just another tool in the attacker’s arsenal but also acts as a force multiplier.
That’s why many in the industry, including our own research teams, are focused on expanding coverage to address AI-specific attack techniques.
We’re seeing adversaries layer AI into reconnaissance and vulnerability discovery, which gives them speed and precision they didn’t have before.
At the same time, we’re also monitoring how these tools lower the barrier for less sophisticated actors and make advanced techniques more accessible.
Each year in early December, Rapid7 shares our cybersecurity predictions during our Security Predictions webinar.
This year will be no exception; while I don’t want to give away any spoilers, in past years we have highlighted the increasing significance of asset visibility across a complex attack surface, the necessity of preparing for regulatory changes, and how cybercriminals exploit zero-day vulnerabilities.
Rapid7 is exhibiting at DTX London on 1 and 2 October 2025. Visit them at Stand G62.