Out Now: Sophos Threat Report 2021

ResourcesSophos Threat ReportThreats & Malware

Navigating cybersecurity in an uncertain world.

The Sophos 2021 Threat Report explores this year’s key cybersecurity developments and their implications for the year ahead.

With insights and analysis from Sophos security researchers and threat hunting experts, it provides a unique, 3D review of the cyberthreat landscape. Topics covered include:

  • The future of ransomware: cartels and double whammy attacks
  • Everyday threats to enterprise, including commodity malware and cryptominers
  • How COVID has been a force-multiplier in attacks
  • The growing use of Android and Linux platforms in cybercrime

It’s free and doesn’t require to complete a form to get access!

Get the Report


The Power of Sharing

The Sophos Threat Report talks about the “power of sharing” – meaning to share threat intelligence more comprehensively and get better connected. It’s also a great idea to share this report with your customers and prospects. You can download a co-brandable email template from the Sophos Partner Portal or share the link to the report via LinkedIn, Twitter, Facebook and co.

Don’t forget to add your Lead Referral ID though. This way we can give you back every lead created. ‘Wait, you said the Threat Report doesn’t require a form?’ you probably think. And you’re right. However, the Referral ID sets a cookie and whenever your customer or prospect comes back to www.sophos.com and eventually completes a form for a product trial etc., this lead will get routed back to you.


What You Can Expect

To wet your mouth a bit more, here are the key take-aways from the report:


  • Ransomware threat actors continue to innovate both their technology and their criminal modus operandi at an accelerating pace
  • More ransomware groups now engage in data theft so they may threaten targets with extortion over the release of sensitive private data
  • As ransom groups put more effort into active attacks against larger organizations, the ransoms they demand have risen precipitously
  • Further, distinct threat actor groups that engage in ransomware attacks appear to be collaborating more closely with their peers in the criminal underground, behaving more like cybercrime cartels than independent groups
  • Ransomware attacks that previously took weeks or days now may only require hours to complete

‘Everyday’ threats

  • Server platforms running both Windows and Linux have been heavily targeted for attack, and leveraged to attack organizations from within
  • Common services like RDP and VPN concentrators remain a focus for attack on the network perimeter, and threat actors also use RDP to move laterally within breached networks
  • Even low-end “commodity” malware can lead to major breaches, as more malware families branch out into becoming “content distribution networks” for other malware
  • A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated


  • Working from home presents new challenges, expanding an organization’s security perimeter to thousands of home networks protected by widely varying levels of security
  • Cloud computing has successfully borne the brunt of a lot of enterprise needs for secure computing environments, yet still has its own challenges unique from those in a traditional enterprise network
  • Threat actors have attempted to launder their reputations making promises not to target organizations involved in life-saving health operations, but later reneged on those promises
  • Criminal enterprises have branched out into a service economy that eases new criminals into the fold
  • Cybersecurity professionals from around the world self-organized in 2020 into a rapid reaction force to combat threats that leverage the social engineering potential of anything relating to the novel Coronavirus

Nontraditional platforms

  • Attackers now routinely take advantage of the wealth of “red team” tools and utilities pioneered by penetration testers in live, active attacks
  • Despite efforts on the part of operators of mobile platforms to monitor apps for malicious code, attackers continue to work around the edges, developing techniques to bypass these code scans
  • Software classified in an earlier era as “potentially unwanted” because it delivered a plethora of advertisements (but was otherwise not malicious) has been engaging in tactics that are increasingly indistinguishable from overt malware
  • Data scientists have applied approaches borrowed from the world of biological epidemiology to spam attacks and malware payloads, as a method to bridge gaps in detection

Get the Report