Despite Government Disruption, LockBit Dominated Incident Response Cases in First Half of 2024
Sophos, a global leader in innovating and delivering cybersecurity as a service, recently released “The Bite from Inside: The Sophos Active Adversary Report,” an in-depth look at the changing behaviors and attack techniques that adversaries used in the first half of 2024. The data, derived from nearly 200 incident response (IR) cases from across both the Sophos X-Ops IR team and Sophos X-Ops Managed Detection and Response (MDR) team, found that attackers are leveraging trusted applications and tools on Windows systems, commonly called “living off the land” binaries, to conduct discovery on systems and maintain persistence. When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.