Category: Security Operations
-
Sophos achieves its best-ever results in the MITRE ATT&CK Enterprise 2025 Evaluation
A major milestone: Sophos XDR delivers 100% detection coverage in the latest ATT&CK Evaluation. Author: rajansanhotra
-
Introducing Sophos Intelix for Microsoft Security Copilot
Elevating threat intelligence for all Security Copilot users. Author: Doug Aamoth
-
Introducing Sophos Intelix for Microsoft 365 Copilot
Bringing Sophos threat intelligence directly into Microsoft 365 Copilot. Author: Doug Aamoth
-
Advancing Cybersecurity for Microsoft Environments
From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats. Author: Sally Adam
-
Detecting fraudulent North Korean hires: A CISO playbook
Has a North Korean threat actor applied for a position at your organization, or even been hired? We’re sharing a toolkit to help you detect and avoid that risk. Author: Ross McKerchar
-
Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against, and at our own phishing philosophy. Author: Ross McKerchar
-
What happens when a cybersecurity company gets phished?
A Sophos employee was phished, but we countered the threat with an end-to-end defense process. Author: Ross McKerchar
-
Rubrik & Sophos Enhance Cyber Resilience for Microsoft 365
Cybersecurity attacks are rising sharply in 2025, and Microsoft has been one among many prominent targets. Research shows that 70 percent of M365 tenants have experienced account takeovers [1] and 81 percent have encountered email compromise [2]. To mitigate this ongoing risk, Rubrik and Sophos have formed a…
-
Sophos’ Secure by Design 2025 Progress
One year on, we are pleased to share progress on our secure-by-design commitments. Author: Ross McKerchar
-
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
A ransomware actor exploited an RMM tool to access multiple organizations; Sophos EDR blocked encryption on a customer’s network. Author: gallagherseanm
-
A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist
Another adversary picks up the email-bombing and vishing Storm-1811 playbook, doing thorough reconnaissance to target specific employees with a fake help desk call, this time over the phone. Author: gallagherseanm
-
Lumma Stealer, coming and going
The high-profile information stealer switches up its TTPs but keeps the CAPTCHA tactic; we take a deep dive. Author: Angela Gunn
-
Moving CVEs past one-nation control
A near-miss episode of attempted defunding spotlights the need for a better way. Author: Chester Wisniewski
-
The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy. Author: gallagherseanm
-
Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software
These are the tools of the trade Sophos detected in use by cybercriminals over 2024. Author: gallagherseanm
-
It takes two: The 2025 Sophos Active Adversary Report
The dawn of our fifth year deepens our understanding of the enemies at the gate, and of some tensions inside it; plus, an anniversary gift from us to you. Author: Angela Gunn
-
Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream
The attack matches a three-year-long pattern of ScreenConnect attacks tracked by Sophos MDR as STAC4365. Author: gallagherseanm
-
Stealing user credentials with evilginx
A malevolent mutation of the widely used nginx web server facilitates Adversary-in-the-Middle attacks, but there’s hope. Author: Angela Gunn
-
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original cluster connected to Black Basta ransomware. Author: gallagherseanm
-
Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another that looks very familiar. Author: gallagherseanm
-
The Bite from Inside: The Sophos Active Adversary Report
A sea change in available data fuels fresh insights from the first half of 2024. Author: Angela Gunn
-
Sophos excels in the 2024 MITRE ATT&CK® Evaluations: Enterprise
Results from the latest ATT&CK Evaluations for endpoint detection and response solutions. Author: rajansanhotra
-
Sophos named a Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response (MDR) Services for the 2nd time
Sophos is the only vendor named a Customers’ Choice across Endpoint Protection Platforms, Network Firewalls, and Managed Detection and Response. Author: rajansanhotra
-
From the frontlines: Our CISO’s view of Pacific Rim
On beyond “Detect and Respond” and “Secure by Design”. Author: Ross McKerchar
-
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
The Internet is full of cats—and in this case, malware-delivering fake cat websites used for very targeted search engine optimization. Author: gallagherseanm
-
VEEAM exploit seen used again with a new ransomware: “Frag”
Last month, Sophos X-Ops reported several MDR cases where threat actors exploited a vulnerability in Veeam backup servers. We continue to track the activities of this threat cluster, which recently included deployment of a new ransomware. The vulnerability, CVE-2024-40711, was used as part of a…
-
Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
Sophos MDR has observed a new campaign that uses targeted phishing to entice the target to download a legitimate remote machine management tool to dump credentials. We believe with moderate confidence that this activity, which we track as STAC 1171, is related to…