We know what you’re thinking: Another year; another supplier; another threat report…
…and when I open it, I’m stuck with a thinly disguised product brochure.
Well, not this one.
We have combined research from various risk prevention groups within Sophos, including SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, Sophos AI and our Cloud Security team, to provide a comprehensive picture of the security situation.
This year’s report consists of four parts:
- Ransomware and its recent transformation into a two-pronged attack: extortion for the decryption key and extortion for the deletion of stolen files.
- Other malware that continues to pose a significant threat to organisations.
- How cyber security in 2020 was influenced by two factors: the coronavirus pandemic and working from home.
- Evolving attacks on devices other than laptops or servers, including phones, routers, smart TVs, and other non-traditional computers.
The report also provides useful details on how attackers are turning your own software against you, using tools that many of you already run on your own networks to hide from your own IT security team.
Here, for example, is an attack graph showing the different tools used in a typical Dharma ransomware attack:
Read the full report to see how fraudsters “live off the land” by using your own resources against you.
We’ve also provided a fascinating diagram that shows a 20-year history of malware in a single page, so you can see how we’ve gotten where we are today, from the age of worms to now, where it’s all about your data.
See the diagram and a description of each item in the full report.
The report also includes a technical application from the Sophos AI team, which provides insight into how machine learning systems can help separate harmless files from dangerous ones, even in a huge collection of unknown and previously unseen files.
Imagine, for example, that you are a threat responder helping someone who has already been hit by a malware attack and wants to know what happened and, more importantly, what the scammers may have left behind…
…throughout the network.
As you can imagine, the malware that actually triggered the last part of an attack is usually easy to find, as long as it has not been removed to make identification difficult.
Finding something when you have a good idea in advance of what to look for is a bit like following a route you’ve already travelled, with plenty of landmarks in mind.
What about everything else? What else can you trust? What if, before the attack, there were programs that were not as safe as you thought and were used by crooks to help them?
You can download everything, absolutely everything, and sift through it for days – or probably weeks or months – using traditional analysis methods.
But even when you’re done, you may have little or nothing left to deal with future attacks, assuming that these future attacks haven’t already happened while you were trying to catch up.
Enter digital epidemiology, the inspiration for a malware-hunting tool that helps find the needles in the haystack.
Read more about digital epidemiology in the full report.
The Sophos 2021 Threat Report is excellent reading for anyone interested in cyber security.
Check it out and share your thoughts with us in the comments below.