Sophos 2020 Threat Report: Ransomware attackers raise the stakes

Recently, Sophos, a global network and endpoint security vendor, released the 2020 Cyber ​​Threat Report written by SophosLabs researchers, analyzing the changes in the cyber threat situation over the past 12 months and predicting how developments will affect cybersecurity in 2020.

Joe Levy, Chief Technology Officer at Sophos, said: “The cyber threat landscape continues to evolve, and the pace and degree of change are even faster and harder to predict than ever. The only thing we can determine is what is happening now, so Sophos’s 2020 The Cyber ​​Threat Report focuses on analyzing the impact of current trends on the coming year, and highlights how attackers are becoming more secretive, better at exploiting others’ mistakes and using mobile apps, the cloud, and internal networks to hide where they are and escape threat detection. This report can be used as a guide to help defenders better understand what they might be facing in the coming months, so they can be prepared.”

The SophosLabs 2020 Cyber ​​Threat Report focuses on six major threats that have grown significantly in the past year. Among them, the following four cyber-attack methods will have the greatest impact on network security in 2020:

  • Attackers continue to make ransomware more dangerous with the automated active attack (AAA) – cybercriminals use system management tools trusted by the business to evade security monitoring measures and ban backups with the greatest impact in the shortest time.
  • Junk apps are closer to malicious programs – Android Fleeceware, which abuses the ordering mechanism, and adware that is more covert but more aggressive than ever before in the past year. This threat report indicates that they and other potentially unwanted applications (PUA), such as browser plug-ins, have become agents that deliver and execute malware or fileless attacks.
  • Operator misconfiguration is the biggest vulnerability in cloud computing – as cloud systems become more complex and flexible, operator errors are becoming a more serious risk. Coupled with the lack of visibility of general systems, the cloud computing environment has become a target for hackers.
  • Machine learning to combat malicious programs under attack -2019 marks the beginning of attacks on security systems using machine learning technology. Studies have shown that machine learning detection models can be deceived, and machine learning techniques can also create convincing fake content as a means of social engineering attack. At the same time, defenders use machine learning to identify malicious emails and URLs. This advanced cat and mouse game is expected to become more common in the future.

In addition, the SophosLabs Cyber ​​Threat Report 2020 covers other trends, including the danger of failing to detect cybercriminal activity hidden in wider network scanning; hackers continue to target the Remote Desktop Protocol (RDP) vulnerabilities, and automated active attacks are becoming more sophisticated.