Showing posts with label Sophos Active Adversary Report. Show all posts
Showing posts with label Sophos Active Adversary Report. Show all posts

Sunday, December 22, 2024

Hiding in Plain Sight: Abuse of Trusted Applications Grows by 51% in Latest Sophos Active Adversary Report

Despite Government Disruption, LockBit Dominated Incident Response Cases in First Half of 2024

Sophos, a global leader in innovating and delivering cybersecurity as a service, recently released “The Bite from Inside: The Sophos Active Adversary Report,” an in-depth look at the changing behaviors and attack techniques that adversaries used in the first half of 2024. The data, derived from nearly 200 incident response (IR) cases from across both the Sophos X-Ops IR team and Sophos X-Ops Managed Detection and Response (MDR) team, found that attackers are leveraging trusted applications and tools on Windows systems, commonly called “living off the land” binaries, to conduct discovery on systems and maintain persistence. When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%. 

Featured Post

Agentic Era Gives Birth to a New Branding Paradigm

In the agentic era, service-intensive brands will need to consider the brand impact of the generative AI-based agents’ personality on their ...