Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
News
Home›News›Sophos Threat Report 2019

Sophos Threat Report 2019

By admin
14/11/2018
1488
0
Share:
Sophos Labs Uncut

Links to our 2019 Threat Report and related articles.

As 2018 comes to a close, we take a look back on the attack, malware, and exploit trends our SophosLabs researchers have observed during the past year.

Key links:

The SophosLabs 2019 Threat Report

 

Coverage of the 2019 Threat Report on Naked Security

 

The report surveys three overall themes of cyberattack trends that seem to have gained wider acceptance: The use of manual attack techniques, as opposed to other delivery mechanisms, to install ransomware; The wider adoption of so-called living off the land techniques by a broad segment of the malware distribution networks; And the growing threat of cryptocurrency mining and botnets that affect “non traditional” technology platforms such as mobile devices or networked hardware, like routers.

Targeted, manual attacks

Our SamSam report, published earlier this year, was the result of nearly three years of observation, analysis, and support work by a cross-departmental team within Sophos. The research highlighted what was, then, a unique reliance on the skill set of an experienced systems administrator and red team penetration tester to, first, break into an enterprise network, sniff administrator credentials, and then use those privileged controls to manipulate the internal security controls of that network. The attack methodology meant that, while fewer attacks took place each week, the results were far more devastating, and the threat actor could demand a markedly higher ransom. Successive generations of the malware also gradually evolved to become more efficient and destructive over time.

Following the release of that report, the threat actor behind SamSam seemed to slow down the attacks, but a number of copycats adopted these same techniques and continued to target large networks for attack. The one common thread: Each attack group started the break-in by finding, and brute-forcing their way into a single Windows computer that was left accessible to the internet, using the Remote Desktop Protocol.

Using available Windows tools

For some time, we’ve been aware of the use by certain malware attackers of techniques that invoke features common to all modern Windows computers as a stepping stone to the eventual delivery of malware, but in 2018 threat actors who send victims malicioous spam email have all but abandoned the practice of just emailing the malware to victims in the form of the actual malicious executable program, and switched to using a series of interlinked, nonexecutable scripts, exploitable Microsoft Office document vulnerabilities, and Office document macros to build chained attacks whose complexity and variability makes it challenging to identify and halt an attack in progress.

Attacks now commonly use some combination of PowerShell, the Windows Script Host, and “mal-docs” to build a killchain that is designed to thwart retrospective analysis and evade the most common methods by which attacks can be intercepted or halted in-progress.

Mobile and IoT platforms as low-grade cryptojackers

The value of cryptocurrency, such as Bitcoin or Monero, fluctuates wildly, but criminals still want the money if they can get it at your expense, so we’ve seen a rise in the volume of malware payloads that will hijack the victim device to use its computing power — however slight it may be — to slowly perform the advanced math that is used to “mine” cryptocurrency. The industry has adopted the name “cryptojacking” for this practice of hijacking systems for this purpose, and we’ve observed a trend where cryptojacking affects nontraditional devices such as home routers, network attached storage, and networked cameras or DVRs.

Mobile phones are of particular concern because the cryptojacking code adversely reduces the battery life and performance of mobile devices, which is something that the users of those phones are likely to notice but not attribute to this type of attack. Overall, cryptojacking transfers the costs of mining (in terms of both performance, and wear and tear) to the victims and provides no benefit to anyone other than the cryptojacker, whose bank account ever-so-slowly accumulates the result of the miners’ work.

Previous Article

WatchGuard AuthPoint Wins CRN Tech Innovator Award ...

Next Article

Fortinet Version 6.0.3 Release Notes

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • NewsTrendMicro

    Trend Micro Once Again Ranks Number One in Global Hybrid Cloud Security

    24/06/2020
    By admin
  • Fortinet
    FortinetNews

    Fortinet’s FortiWeb Cloud Powers Continent 8’s New WAF-as-a-Service offering

    03/02/2020
    By admin
  • NewsTrendMicro

    Trend Micro Survey Finds Lack of IT Security Input In DevOps Introduces Cyber Risk for 72% of Companies

    07/10/2019
    By admin
  • MerakiNews

    Meraki – INTRODUCING THE EARLY ACCESS DEVELOPER PROGRAM

    13/11/2019
    By admin
  • Sophos #1 Endpoint
    News

    Sophos ranks #1 for endpoint protection by SE Labs

    25/07/2018
    By admin
  • SonicWall Logo
    NewsSonicWALL

    SONICWALL CAPTURE ADVANCED THREAT PROTECTION COLLECTS ICSA LABS CERTIFICATION

    10/11/2020
    By admin

  • Cisco Meraki
    MerakiNews

    HEALTHY RELATIONSHIPS ARE BUILT ON VISIBILITY

  • Sophos Colossus
    News

    Sophos proud to sponsor the birthplace of Colossus

  • Fortinet Certified ICSA Labs
    News

    Fortinet Certified by ICSA for Advanced Threat Defense

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home