Out Now: Sophos Threat Report 2021

ResourcesSophos Threat ReportThreats & Malware

Navigating cybersecurity in an uncertain world.

Nov 18 2020 By

The Sophos 2021 Threat Report explores this year’s key cybersecurity developments and their implications for the year ahead.

With insights and analysis from Sophos security researchers and threat hunting experts, it provides a unique, 3D review of the cyberthreat landscape. Topics covered include:

  • The future of ransomware: cartels and double whammy attacks
  • Everyday threats to enterprise, including commodity malware and cryptominers
  • How COVID has been a force-multiplier in attacks
  • The growing use of Android and Linux platforms in cybercrime

It’s free and doesn’t require to complete a form to get access!

Get the Report

 

The Power of Sharing

The Sophos Threat Report talks about the “power of sharing” – meaning to share threat intelligence more comprehensively and get better connected. It’s also a great idea to share this report with your customers and prospects. You can download a co-brandable email template from the Sophos Partner Portal or share the link to the report via LinkedIn, Twitter, Facebook and co.

Don’t forget to add your Lead Referral ID though. This way we can give you back every lead created. ‘Wait, you said the Threat Report doesn’t require a form?’ you probably think. And you’re right. However, the Referral ID sets a cookie and whenever your customer or prospect comes back to www.sophos.com and eventually completes a form for a product trial etc., this lead will get routed back to you.

 

What You Can Expect

To wet your mouth a bit more, here are the key take-aways from the report:

Ransomware

  • Ransomware threat actors continue to innovate both their technology and their criminal modus operandi at an accelerating pace
  • More ransomware groups now engage in data theft so they may threaten targets with extortion over the release of sensitive private data
  • As ransom groups put more effort into active attacks against larger organizations, the ransoms they demand have risen precipitously
  • Further, distinct threat actor groups that engage in ransomware attacks appear to be collaborating more closely with their peers in the criminal underground, behaving more like cybercrime cartels than independent groups
  • Ransomware attacks that previously took weeks or days now may only require hours to complete

‘Everyday’ threats

  • Server platforms running both Windows and Linux have been heavily targeted for attack, and leveraged to attack organizations from within
  • Common services like RDP and VPN concentrators remain a focus for attack on the network perimeter, and threat actors also use RDP to move laterally within breached networks
  • Even low-end “commodity” malware can lead to major breaches, as more malware families branch out into becoming “content distribution networks” for other malware
  • A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated

COVID-19

  • Working from home presents new challenges, expanding an organization’s security perimeter to thousands of home networks protected by widely varying levels of security
  • Cloud computing has successfully borne the brunt of a lot of enterprise needs for secure computing environments, yet still has its own challenges unique from those in a traditional enterprise network
  • Threat actors have attempted to launder their reputations making promises not to target organizations involved in life-saving health operations, but later reneged on those promises
  • Criminal enterprises have branched out into a service economy that eases new criminals into the fold
  • Cybersecurity professionals from around the world self-organized in 2020 into a rapid reaction force to combat threats that leverage the social engineering potential of anything relating to the novel Coronavirus

Nontraditional platforms

  • Attackers now routinely take advantage of the wealth of “red team” tools and utilities pioneered by penetration testers in live, active attacks
  • Despite efforts on the part of operators of mobile platforms to monitor apps for malicious code, attackers continue to work around the edges, developing techniques to bypass these code scans
  • Software classified in an earlier era as “potentially unwanted” because it delivered a plethora of advertisements (but was otherwise not malicious) has been engaging in tactics that are increasingly indistinguishable from overt malware
  • Data scientists have applied approaches borrowed from the world of biological epidemiology to spam attacks and malware payloads, as a method to bridge gaps in detection

Get the Report

About the Author

Sophos is a global leader and innovator of advanced security solutions that defeat cyberattacks, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.