News

Latest news on the subject of B2B cyber security >>> PR agencies: Add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Welcome to the SOPHOS Partner Channel

Here you will find all articles, news and whitepapers published by SOPHOS sorted by date.

More than 100 million users in 150 countries trust in SOPHOS. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. SOPHOS offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and web.

Read more

Targeted Russian phishing on 800 EU and US organizations
SophosNews

From Russia with love: Sophisticated social engineering campaign targets access data from 800 organizations. Interestingly, the targets are all in the EU or the USA. Sophos experts see Russian connections. Within 51 days, a group of attackers, presumably from Russia, sent more than 2.000 phishing emails to almost 800 companies and organizations in the government, healthcare, energy and critical infrastructure sectors. The targets were in the UK, Australia, France, Germany, Austria, Italy, the USA and the Netherlands. Perfect phishing with a lot of effort The emails were characterized by...

Read more

MSPs: Cybersecurity professionals in short supply
MSPs: Cybersecurity professionals in short supply Image by Dirk Wouters on Pixabay

In the first "MSP Perspectives 2024" report, Sophos surveyed managed service providers (MSPs) about the daily challenges they face in cybersecurity. The shortage of skilled workers is a particular concern. The biggest challenge for MSPs is keeping up with the latest cybersecurity solutions and technologies - 39 percent of the MSPs surveyed said this. In addition, MSPs believe that another major challenge is hiring new cybersecurity professionals to keep up with customer growth and the latest cyber threats. Lack of internal cybersecurity skills The survey also shows that MSPs are facing a lack of internal...

Read more

Chinese espionage campaign exposed
SophosNews

Sophos experts have uncovered a Chinese espionage campaign in Southeast Asia. Sophos X-Ops finds links between five known Chinese threat groups, including APT41 and BackdoorDiplomacy; attackers use two previously unknown malware variants for espionage and persistence. The report, "Operation Crimson Palace: Sophos Threat Hunting Unveils Multiple Clusters of Chinese State-Sponsored Activity Targeting Southeast Asia," is full of facts. It documents in detail a highly sophisticated, nearly two-year-long espionage campaign against a high-profile government target. Chinese espionage campaign has already been running for two years As part of the Sophos X-Ops investigation launched in 2023, the Managed Detection and Response (MDR) team found three different clusters of activity that...

Read more

Ransomware: 97 percent of those affected seek advice from the authorities

An enormous number of companies turn to official institutions in the event of a cyber attack. The current Sophos State of Ransomware Report confirms that, in addition to just reporting, many of those affected are also looking for advice or instructions on how to restore their data. According to the annual State of Ransomware 2024 Report, 97 percent of organizations surveyed that were victims of ransomware last year worked with law enforcement or other government agencies. This impressively high percentage applies equally to the global and DACH survey results. More than half (59 percent worldwide and 56 percent in…

Read more

Ransomware: Ransom payments with 500 percent plus
Ransomware: Ransom payments with 500 percent plus MS - AI

This year, ransomware payments have increased by 500 percent compared to the previous year in 2023. While the international values ​​are already high at over 1,8 million euros on average, in Germany they are even drastically higher: over 5 million euros on average. Sophos publishes the global study “State of Ransomware 2024”, according to which the average ransom payment increased by 500 percent last year. In international comparison, organizations that paid ransoms reported an average payment of 1.860.260 euros (US$2 million), up from 372.520 euros (US$400.000) in 2023….

Read more

Cheap or home-made junk gun ransomware  
Junk gun ransomware as cheap software or home-made MS-AI

Cheap and clumsy: Criminals rely on new “homemade” ransomware. Is this the end of professional ransomware-as-a-service – RaaS? Some attackers find the RaaS offerings too expensive or they want to reap all the profits. Now the first ones are appearing as cheap ransomware or so-called junk gun ransomware. Ransomware-as-a-Service has been a lucrative business for a decade and is firmly in the hands of professionally organized groups. But now criminals who don't want the expensive kits can resort to quickly cobbled together junk ransomware. Sophos has the so-called “Junk Gun” ransomware and its importance for the malware market…

Read more

Executive floor: Important cybersecurity does not bring any competitive advantages
Executive floor: Important cybersecurity does not bring any advantages in competition - Pixabay Gerd Altmann

As a survey shows, although C-suites see good cybersecurity infrastructure as extremely important for business relationships, at the same time the majority cannot derive a competitive advantage from it. The DA-CH study in C-level management shows the influence cybersecurity has on companies. Sophos is publishing a new, current part of its large-scale management study “Boss, how do you feel about cybersecurity” for Germany, Austria and Switzerland. The figures that have now been published from this year shed light on, among other things, how C-level management in the three countries assess the influence of cybersecurity in their own company on business relationships. The study is a continuation of a…

Read more

How attackers slip through vulnerabilities in web applications
How attackers slip through vulnerabilities in web applications - Image by Mohamed Hassan on Pixabay

Access control vulnerabilities and data disclosure risks are the most common security flaws in corporate-developed web applications. This is shown by a current analysis in the period 2021 to 2023. This makes it too easy for attackers to break into companies. For its report, security specialist Kaspersky examined vulnerabilities in self-developed web applications from companies in the IT, government, insurance, telecommunications, cryptocurrencies, e-commerce and healthcare sectors. Self-developed web applications defective The majority (70 percent) of the vulnerabilities found concern the areas of data protection with regard to confidential information such as passwords, credit card details, health records, personal data and confidential…

Read more

Cybersecurity analysis: What structure does the company use?

The company's organizational structure has far-reaching effects on its cybersecurity. Based on a survey, Sophos examines three organizational scenarios and assesses their effectiveness in cybercrime defense. A dedicated cybersecurity team as part of the IT organization achieves the best results. But not every company has that. Finding trained and experienced specialist staff is one of the major challenges in companies to ensure cybersecurity. Given this discussion, it is therefore particularly important to enable the few available specialists to achieve the greatest possible impact in defending against cyber risks. In this…

Read more

SMEs in sight: cyber attacks on supply chains

Partnerships, services, customer relationships – no organization operates independently. Contracts, compliances and laws regulate cooperation, but what about security criteria? Cyber ​​attacks on supply chains particularly affect small and medium-sized companies, according to the latest threat report from Sophos. In the latest Sophos Threat Report: Cybercrime on Main Street, the security experts report that in 2023 the Sophos MDR team responded increasingly to cases in which companies were attacked via the so-called supply chain, i.e. the supply chain in business and in the IT infrastructure became. In several cases, the vulnerabilities lay in the remote monitoring and management software...

Read more