Today, Sophos X-Ops has published Sophos' Annual Threat Report, with a focus on cybercrime affecting small and medium businesses. There are a number of key takeaways from the incident and detection telemetry from 2024: First, network edge devices, and VPN appliances in particular, have been the largest single initial access point for cybercriminals over the past year, accounting for over 30 percent of all documented initial access methods. /1
Hi everyone, it's @threatresearch driving the X-Ops social media today to let you know about a story we just published, written by my colleague Gabor Szappanos.
Szapi has done significant research in the past into a #malware family called #Gootloader that (for years, now) uses malicious #SEO techniques to promote compromised websites into Google search results.
This research finally cracks wide open the mystery of how they manage to do that so effectively. It's a long read, but well worth the deep dive.
Today, we've published a report on Sophos MDR's investigation into renewed cyberespionage tied to Operation Crimson Palace, an intrusion into a SE Asian government agency that has expanded to other regional public service organizations. A month after the previous campaign appeared to end, the actors behind three threat clusters we tracked renewed their efforts with new tools and tactics to evade blocks Sophos X-Ops had deployed to disrupt them. /1 https://news.sophos.com/en-us/2024/09/10/crimson-palace-new-tools-tactics-targets/
In August of last year, Sophos X-Ops unveiled its approach to attribution: Rather than focusing on the “who” of attacks, Sophos X-Ops focuses on the “how.” By analyzing highly specific behavioral clues left behind by the attackers, we can find new links between threat activity clusters (TACs) to shorten two of the most critical pieces of responding to an attack: time to detect and time to respond.
On Monday this week, Sophos X-Ops' Morgan Demboski presented our threat activity cluster system at the SANS Cyber Threat Intelligence Summit, specifically as it relates to unraveling the complex underground ransomware network.