Showing posts with label Sophos.

Sunday, December 22, 2024

Hiding in Plain Sight: Abuse of Trusted Applications Grows by 51% in Latest Sophos Active Adversary Report

Despite Government Disruption, LockBit Dominated Incident Response Cases in First Half of 2024

Sophos, a global leader in innovating and delivering cybersecurity as a service, recently released “The Bite from Inside: The Sophos Active Adversary Report,” an in-depth look at the changing behaviors and attack techniques that adversaries used in the first half of 2024. The data, derived from nearly 200 incident response (IR) cases from across both the Sophos X-Ops IR team and Sophos X-Ops Managed Detection and Response (MDR) team, found that attackers are leveraging trusted applications and tools on Windows systems, commonly called “living off the land” binaries, to conduct discovery on systems and maintain persistence. When compared to 2023, Sophos saw a 51% increase in the abuse of “Living off the Land” binaries, or LOLbins; since 2021, such abuse has increased by 83%.

Sunday, December 1, 2024

Demand for Managed Service Partners Strong as AI-augmented Cyberattacks Highlighted as Top Concern for Organisations across Asia Pacific and Japan

Sophos research finds 83% of organisations’ cybersecurity budgets will increase in the coming 12 months, and 50% will increase spend with MSPs 

Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released its Cybersecurity Playbook for Partners in Asia Pacific and Japan in collaboration with Tech Research Asia. The report analyzed the priorities for businesses over the next 12 months, and the opportunities for partners to support these ambitions. 

“The ongoing prevalence of cyber threats has forced organisations to address a variety of their cybersecurity measures,” said Cameron Reid, director, Channel Sales MSP, Sophos Asia Pacific and Japan. “The report found that the top three areas of importance for businesses are strengthening cybersecurity posture around financial operations, improving risk management capabilities, and ensuring cybersecurity is robust enough to support digital transformation programs. Evidently, when businesses invest in new technologies, it is front of mind that this is done in a secure manner to ensure potential attack surfaces are protected.” 

Friday, November 29, 2024

Hunter Versus Spy: Sophos “Pacific Rim” Report Details its Defensive and Counter-Offensive Operation with Multiple Interlinked Adversaries Based in China

“After we successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. We uncovered a vast adversarial ecosystem.” - Sophos

Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released “Pacific Rim,” a report detailing its defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well as overlapping tactics, tools and procedures (TTPs) with well-known Chinese nation-state groups including Volt Typhoon, APT31 and APT41. The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries.

Throughout Pacific Rim, Sophos X-Ops, the company’s cybersecurity and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives. After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem. 

Thursday, November 21, 2024

Two-Thirds of Healthcare Organizations Hit by Ransomware – A Four-Year High, Sophos Survey Finds

Nearly 80% of Organizations Hit by Ransomware Took More than a Week to Recover 

Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released a sector survey report, “The State of Ransomware in Healthcare 2024,” which revealed that the rate of ransomware attacks against healthcare organizations has reached a four-year high since 2021. Of those organizations surveyed, two-thirds (67%) were impacted by ransomware attacks in the past year, up from 60% in 2023. The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors; the overall rate of ransomware attacks fell from 66% in 2023 to 59% in 2024.

Alongside an increase in the rate of ransomware attacks, the healthcare sector reported increasingly longer recovery times. Only 22% of ransomware victims fully recovered in a week or less, a considerable drop from the 47% reported in 2023 and 54% in 2022. In addition, 37% took more than a month to recover, up from 28% in 2023, reflecting the increased severity and complexity of attacks.

“While we’ve seen the rate of ransomware attacks reach a kind of “homeostasis” or even declining across industries, attacks against healthcare organizations continue to intensify, both in number and scope. The highly sensitive nature of healthcare information and need for accessibility will always place a bullseye on the healthcare industry from cybercriminals. Unfortunately, cybercriminals have learned that few healthcare organizations are prepared to respond to these attacks, demonstrated by increasingly longer recovery times. These attacks can have immense ripple effects, as we’ve seen this year with major ransomware attacks impacting the healthcare industry and impacting patient care,” said John Shier, field CTO, Sophos.

“To combat these determined adversaries, healthcare organizations must adopt a more proactive, human-led approach to threat detection and response, combining advanced technology with continuous monitoring to stay ahead of attackers.”

Additional findings from the report include:

Ransom Recovery Costs Surge: The mean cost of recovery in a healthcare ransomware attack was $2.57 million in 2024, up from $2.2 million in 2023 and double the 2021 cost 

Ransom Demands vs Payments: 57% of healthcare institutions that paid the ransom ended up paying more than the original demand

Root Cause of Attack: Compromised credentials and exploited vulnerabilities were tied for the number one root cause of attack, each accounting for 34% of attacks

Backups Targeted: 95% of healthcare organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack.

Increased Pressure: Organizations whose backups were compromised were more than twice as likely to pay the ransom to recover encrypted data (63% vs. 27%)

Who Pays the Ransom: Insurance providers are heavily involved in ransom payments, contributing in 77% of cases. 19% of total ransom payment funding comes from insurance providers 

The latest Sophos report on real-world ransomware experiences explores the full victim journey, from attack rate and root cause to operational impact and business outcomes, of 402 healthcare organizations. The results for this sector survey report are part of a broader, vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024 across 14 countries and 15 industry sectors.

Learn More About Ransomware

Turning the screws: The pressure tactics of ransomware gangs 

The State of Ransomware 2024

The effect of cyber insurance on the ransomware landscape 

The role of law enforcement in ransomware attacks

The role of unpatched vulnerabilities in ransomware attacks 

How often companies’ backups are compromised during ransomware attacks 

The rise of remote encryption among ransomware groups

Ransomware attackers targeting managed service providers (MSPs) in the 2024 Sophos Threat Report: Cybercrime on Main Street

The latest techniques, tactics and procedures (TTPs) of cyber attackers in the Active Adversary Report for 1H 2024 

The evolving ransomware business model in ‘Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch

Sophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs

Read the full State of Ransomware in Healthcare 2024 report on Sophos.com for additional global findings and data by sector.

Friday, November 8, 2024

Sophos to Acquire Secureworks to Accelerate Cybersecurity Services and Technology for Organizations Worldwide

Sophos and Secureworks® (NASDAQ:SCWX), two global leaders of innovative security solutions for defeating cyberattacks, today announced a definitive agreement for Sophos to acquire Secureworks. The all-cash transaction is valued at approximately $859 million. Sophos is backed by Thoma Bravo, a leading software investment firm.

Sophos’ experience and reputation as a leading provider of managed security services and end-to-end security products, combined with Secureworks’ security operations expertise transformed into the Taegis™ platform, is expected to further deliver complementary advanced MDR and XDR solutions for the benefit of their global customer bases. Together, they will help strengthen the resilience and security posture of global organizations of any size with a combination of security controls, AI, world-class threat intelligence, and two teams with decades of cybersecurity expertise.

Tuesday, August 13, 2024

Ransomware Groups Weaponize Stolen Data to Increase Pressure on Targets Who Refuse to Pay, Sophos Report Finds

Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released a new dark web report, “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” which details how cybercriminals are weaponizing stolen data to increase pressure on targets who refuse to pay. This includes sharing the contact details or doxing the family members of targeted CEOs and business owners, as well as threatening to report any information about illegal business activities uncovered in stolen data to the authorities. 

In the report, Sophos X-Ops shares posts found on the dark web that show how ransomware gangs refer to their targets as “irresponsible and negligent,” and in some cases, encourage individual victims whose personal information was stolen to pursue litigation against their employer.

Thursday, July 4, 2024

76% of Companies Improved Their Cyber Defenses to Qualify for Cyber Insurance, Sophos Survey Finds

Recovery Costs from Cyberattacks Outpace Insurance Coverage 

Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently released findings from its survey, “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.” According to the report, 97% of those with a cyber policy invested in improving their defenses to help with insurance, with 76% saying it enabled them to qualify for coverage, 67% to get better pricing and 30% to secure improved policy terms.

The survey also revealed that recovery costs from cyberattacks are outpacing insurance coverage. Only one percent of those that made a claim said that their carrier funded 100% of the costs incurred while remediating the incident. The most common reason for the policy not paying for the costs in full was because the total bill exceeded the policy limit. According to The State of Ransomware 2024 survey, recovery costs following a ransomware incident increased by 50% over the last year, reaching $2.73 million on average.

Sunday, June 30, 2024

Joe Levy Appointed CEO of Sophos

Jim Dildine Named as Sophos’ New CFO

Sophos, a global leader of innovative security solutions for defeating cyberattacks, recently announced that Joe Levy is now chief executive officer (CEO) of the company. Levy has been acting CEO since Feb. 15. To play a critical role in the execution of his strategy to shape the future of Sophos, Levy has named Jim Dildine as Sophos’ new chief financial officer (CFO) and a member of his senior management team.

Levy is a nearly 30-year veteran of innovating and leading cybersecurity product development, services and companies. During his nine-year tenure at Sophos, Levy drove the transformation of Sophos from a product-only vendor into the global cybersecurity giant it is today, including an incident response team and managed detection and response (MDR) service that defends more than 21,000 organizations worldwide. Levy also created SophosAI and Sophos X-Ops, an operational threat intelligence unit that joins together more than 500 cross-departmental cybersecurity operators and threat intelligence experts. Sophos X-Ops shares real-time and historical attack data with all of Sophos’ solutions, making them smarter and faster at defending customers from persistent cyberattacks. Levy has in-depth experience working with the channel, including managed security providers (MSPs), throughout his career, which he started in the mid-1990s as a cybersecurity practitioner and product and service innovator at a value-added reseller. 

Wednesday, October 25, 2023

Eastern Communications launches CIXA Security Solution for Cybersecurity Awareness Month

Eastern Communications and Sophos conducted a tech huddle event to spread cybersecurity awareness among business leaders.

The widespread digital adoption has brought significant transformations and advantages but also introduced new and evolving challenges when it comes to cybersecurity. The rampant cyber threats emerging from technological advancements today have prompted businesses to prioritize cyber resilience. 

With this, businesses in the Philippines are urged to augment their IT security. The National Cybersecurity Index (NCSI) ranked the country 48th out of 176 countries on its measure of cybersecurity and preparedness for cyber threats, with a score of 63.64%. In fact, in 2022, three out of four organizations in the Philippines experienced a cyber incident, which is much higher than the APAC average (59%).

Sunday, August 12, 2018

Globe, Sophos team up to help businesses fight cyber threats

(L-R) Julius Suarez - Sophos ASEAN Systems Engineer, Margaret Acibron - VP Sales for NetPlay Inc., Jett Ching - Sophos Territory Manager for Netplay Inc., William Arnaiz - Globe Business Consulting Manager, Jojo Rafaeles - Globe Business Industry Sales Head at the Globe Business-Sophos Cybersecurity Forum

Globe Business, through its partnership with NCSI Philippines, welcomes Sophos as part of its Cybersecurity portfolio. Sophos is an English security software and hardware company that arms businesses with the necessary tools to keep their operations secure and protected from cyber threats.

“Providing our customers with Sophos solutions is a step towards seeing 'businesses flourish.' We recognize that one of the keys to a sustainable business operation is to ensure that customer network and endpoint devices remain secure over the long haul. Globe and Sophos are here to provide the value of security,” said Peter Maquera, Globe Senior Vice President for Enterprise Group.
