Category: Sophos X-Ops
- Game of clones: Sophos and the MITRE ATT&CK Enterprise 2025 Evaluations
  Winter is coming – so it must be time for Sophos X-Ops’ report on this year’s MITRE ATT&CK Enterprise Evaluations. (Matt Wixey)

- Introducing Sophos Intelix for Microsoft Security Copilot
  Elevating threat intelligence for all Security Copilot users. (Doug Aamoth)

- Introducing Sophos Intelix for Microsoft 365 Copilot
  Bringing Sophos threat intelligence directly into Microsoft 365 Copilot. (Doug Aamoth)

- Advancing Cybersecurity for Microsoft Environments
  From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats. (Sally Adam)

- Phake phishing: Phundamental or pholly?
  Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy. (Ross McKerchar)

- What happens when a cybersecurity company gets phished?
  A Sophos employee was phished, but we countered the threat with an end-to-end defense process. (Ross McKerchar)

- Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
  Following on from our preview, here’s Ben Gelman and Sean Bergeron’s research on enhancing command line classification with benign anomalous data. (Matt Wixey)

- Shared secret: EDR killer in the kill chain
  A look under the hood at a tool designed to disable protections. (Gabor Szappanos)

- GOLD BLADE remote DLL sideloading attack deploys RedLoader
  Attacks surged in July 2025 after the threat group updated its process to combine malicious LNK files and a recycled WebDAV technique. (mindimcdowell)

- Sophos’ Secure by Design 2025 Progress
  One year on, we are pleased to share progress on our secure-by-design commitments. (Ross McKerchar)

- Small world: The revitalization of small AI models for cybersecurity
  Sophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AI. (Matt Wixey)

- SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild
  Sophos X-Ops sees exploitation across multiple customer estates. (Matt Wixey)

- SophosAI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job
  Sophos’ Ben Gelman and Sean Bergeron will present their research on enhancing command line classification with benign anomalous data at Las Vegas. (Matt Wixey)

- The strange tale of ischhfd83: When cybercriminals eat their own
  A simple customer query leads to a rabbit hole of backdoored malware and game cheats. (Matt Wixey)

- Beyond the kill chain: What cybercriminals do with their money (Part 3)
  In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors. (Matt Wixey)

- Beyond the kill chain: What cybercriminals do with their money (Part 4)
  In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests. (Matt Wixey)

- Beyond the kill chain: What cybercriminals do with their money (Part 1)
  Sophos X-Ops investigates what financially motivated threat actors invest their ill-gotten profits in, once the dust has settled. (Matt Wixey)

- Beyond the kill chain: What cybercriminals do with their money (Part 2)
  In the second of our five-part series, Sophos X-Ops investigates the so-called ‘white’ (legitimate) business interests of threat actors. (Matt Wixey)

- PJobRAT makes a comeback, takes another crack at chat apps
  Sophos X-Ops uncovers a recent campaign from an Android RAT first seen in 2019 – now infecting users in Taiwan. (Pankaj Kohli)

- Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks
  In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS. (Matt Wixey)

- Prioritizing patching: A deep dive into frameworks and tools – Part 1: CVSS
  In the first of a two-part series exploring tools and frameworks which can help organizations with remediation prioritization, Sophos X-Ops takes a look at the Common Vulnerability Scoring System (CVSS). (Matt Wixey)

- Keeping it real: Sophos and the 2024 MITRE ATT&CK Evaluations: Enterprise
  Sophos X-Ops looks at the realism of this year’s MITRE ATT&CK Evaluations. (Michael Wood)

- From the frontlines: Our CISO’s view of Pacific Rim
  On beyond “Detect and Respond” and “Secure by Design”. (Ross McKerchar)