Sophos stories

The Lemon Duck cryptomining malware is being used to target unpatched Microsoft Exchange servers —giving it a 'firm foothold' in compromised servers.>>

New ransomware Epsilon Red has been found by Sophos researchers who detail the tools, techniques, procedures, and behaviour of the attackers behind it.>>

Fileless malware is a type of covert threat that injects code directly into the memory of a compromised machine, often to avoid detection. >>

Sophos and Ingram Micro have extended their partnership, which will see the distributor working to recruit new managed services partners to the Sophos MSP Connect Flex program.>>

Average ransomware recovery cost in Asia Pacific and Japan (APJ) has increased from US$1.16 million to US$2.34 million, more than doubling in one year.>>

AI has been used to combat cyber-threats for years. But there are many related pitfalls — and catastrophic forgetting is a major one.>>

"The findings confirm the brutal truth that when it comes to ransomware, it doesn't pay to pay.">>

Every organisationusing Microsoft Exchange must patch their on-premise servers immediately and scan their networks for signs of malicious activity.>>

A rise in the use of Kubernetes and Docker services — and increased adoption of DevOps methodologies — have all contributed to the rise in popularity of containers. But as with all emerging technologies, there are risks.>>

"We are looking at yet another rapidly compiled, opportunistic and possibly experimental attack.">>

Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.>>

This unification enables a connected, interactive computing environment that combines smartphone and PC technology to deliver security capabilities and opportunities, the company states.>>

Agent Tesla originally surfaced in 2014. It is widely available on criminal marketplaces, and continues to evolve.>>

The cryptominer was recently discovered when attackers targeted internet-facing database servers (SQL servers), and the MrbMiner was downloaded and installed.>>

The programme, which runs an open data registry of vulnerabilities, enables programme stakeholders to correlate vulnerability information used to protect systems against attacks. >>

“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot.">>

The principle of ‘zero trust’ in cybersecurity is simple: Trust nothing, and verify everything.>>

What is less discussed is how cybercriminals are taking advantage of those very same technologies to automate their attacks, too.>>

Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. >>

"While it is common practice to share AI methodologies and findings in other industries, cybersecurity has lagged in this effort.">>

"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness.">>

Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.>>

Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.>>

"Dharma is fast-food franchise ransomware: widely and easily available to just about anyone,” says a Sophos threat researcher.>>