We know what you’re thinking: “Another year; another vendor; another threat report…
…and when I open it, I’ll be stuck in a thinly disguised product brochure.”
Well, not this one.
We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response, Sophos AI, and our Cloud Security team, to deliver a comprehensive review of the security landscape.
This year’s report is in four parts:
- Ransomware and its recent transformation into a two-headed attack involving extortion for the decryption key and blackmail to delete stolen files.
- Other malware that still poses a significant threat to organisations.
- How cybersecurity has been affected in 2020 by the twin factors of the coronavirus pandemic and working from home.
- The evolution of attacks against devices that aren’t laptops or servers, including phones, routers, smart TVs and other “non-traditional” computers.
In the report, you’ll also find useful details of how cybercriminals are turning software that many of you may already use on your own networks against you, aiming to hide in plain sight from your own IT security team.
For example, here’s an attack table that shows the variety of tools used in a typical Dharma ransomware invasion:
We’ve also provided a fascinating chart showing you 20 years of malware history on one page, so that you can see how we got to where we are now, from the “It’s All About Worms” epoch to the present day, where “It’s All About Your Data”.
Digital epidemiology
The report also includes a technical appendix from the Sophos AI team that gives you an insight into how machine learning systems can help to winnow out harmless objects from dangerous ones, even in an enormous collection of previously unknown and unseen files.
For example, imagine you’re a threat responder called in by someone who’s already suffered a malware attack and wants to figure out what happened – and, more importantly, what the crooks might have left behind…
…across a whole network.
As you can imagine, the malware that actually unleashed the final part of the attack is typically easy to find, assuming that it didn’t delete itself afterwards to make identification harder.
Tracking down something when you have a good idea in advance what to look for is a bit like taking a journey using a route you’ve tried before, where you already have a good set of landmarks in your mind.
But what about everything else? What can you still trust? What if there were programs there from before the attack that somehow weren’t as safe as you thought and that the crooks used as a helping hand?
You could upload everything, absolutely everything, and sift through it using traditional analysis techniques for days – or, more likely, for weeks or months.
However, even after you finished, you might have very little or nothing to help you deal with future attacks, assuming that those “future attacks” hadn’t already happened while you were trying to catch up.
Enter Digital Epidemiology, the inspiration for a malware processing tool that helps to find needles in haystacks.
The Sophos 2021 Threat Report is a great read for anyone interested in cybersecurity.
Please take a look and give us your thoughts in the comments below.
omer a
Hi, I thought you might like to know there is a typo in the chart summarizing 20 years of threats: the 2008 malware called “Conficker” has an extra “l” in it.
Paul Ducklin
Oooh, well spotted! (I had to zoom Firefox to 170% to see that one clearly :-)
I have reported it to the relevant authorities…