SophosLabs 2020 Threat Report
WannaCry Aftershock
Machine Learning With Feature Selection Using Principal Component Analysis for Malware Detection: A Case Study
SophosLabs Matrix Report

Today's Malware

Real-time data on the top malware threats from our award-winning SophosLabs Team.More

Today's Spam Threats

We monitor spam from all sources, every day. View our spam dashboard for real-time data.More
Adware and PUAs
Controlled Applications

IP-Adresse prüfen


If you can see this then you have CSS disabled. This is a honeypot to catch bots, leave this textbox empty



127.0.0.1

Es ist ein Fehler aufgetreten. Bitte versuchen Sie es später erneut.

Die SophosLabs pflegen Listen verdächtiger IP-Adressen, bei denen es sich möglicherweise um Spamquellen handelt.

Submit An Appeal

IP Address Classification Policy

Threat Awareness

Share your questions, answers, advice and comments about threats in the Sophos Community.

Visit the Forum

Technical Papers

Here you will find a range of papers aimed at system administrators and security specialists on a variety of topical issues. Some of these papers have been presented at security seminars and technical conferences around the world.

SophosLabs 2018 Malware Forecast

In this report, we review malicious activity SophosLabs analyzed and protected customers against in 2017 and use the findings to predict what might happen in 2018.

View Research

Your handy guide to machine learning at Sophos

Sophos data scientists have written several articles about how machine learning works, how it will be applied to Sophos, and what that will mean for customers. This is a handy guide to that content.

View Research

Machine Learning: How to Build a Better Threat Detection Model

A look at how Sophos develops its machine learning models. Here, we explain the concepts and show the development and evaluation of a toy model meant to solve the very real problem of detecting malicious URLs.

View Research

Ransomware as a Service (RaaS): Deconstructing Philadelphia

Kits available on the Dark Web allow the least technically savvy among us to do evil. Philadelphia is one of the slickest, most chilling examples.

View Research

CVE-2017-0199: life of an exploit

The normal lifecycle of an Office exploit starts with the initial use in targeted attacks. Then, at some point, the information leaks out and cybercrime groups start using it more widely. Offensive security researchers then start experimenting with AV evasion, and the exploit finally ends up in underground exploit builders. Normally this cycle can take a few months. In the case of the CVE-2017-0199 Word exploit, we have observed this in a much more accelerated time scale.

View Research

BetaBot Configuration Data Extraction

This paper explores the inner workings of Betabot, including capabilities of the associated botnet server components and technical detail on how to extract and decrypt configuration data.

View Research
All Research

Featured Videos

Attacking/Defending Machine Learning Based SoftwareJoshua Saxe

Getting Insight Into Deep Neural NetworksRichard Harang

Network security threats explained: Social engineering

Petya Ransomware Attack: How to Protect Yourself

How WannaCry ransomware works

Comparing the incomparables Gábor Szappanos

Practical Shellcode Analysis Gábor Szappanos

The AI Challenge

Are you smarter than a machine? Play the game to find out.

Play the Game

Meet a SophosLabs Researcher

SophosLabs has a talented team of threat researchers and data scientists worldwide.

Learn More

Latest News

All News
12
Nov

Patch Tuesday targets Hyper-V virtual machines in November, 2019 updates

Microsoft released their monthly security updates for November, 2019, this morning. This month, Microsoft said the company fixed a total of 73 vulnerabilities across its product lines. Thirteen of the fixes address problems Microsoft classifies as Critical, the most urgent type of problem to address. The company classified the repair of an additional 59 bugs […]
05
Nov

SophosLabs surveys the threat landscape for 2020 trends

SophosLabs this morning published its annual assessment on the state of internet and information security, and our outlook on what security threats are likely to affect the world in the coming year: the SophosLabs 2020 Threat Report, available for download now. This year, our report broadens the scope of our analysis to cover topics beyond […]
09
Oct

Microsoft fixes drop in number for October, 2019 updates

A relatively low number of vulnerabilities were addressed in this month's Windows update rollups
08
Oct

Icon-hiding Android adware returns to the Play Market

Adware apps attempt to evade easy removal by, literally, hiding their app icons from users
01
Oct

Lemon_Duck PowerShell malware cryptojacks enterprise networks

SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise’s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array […]
25
Sep

‘Fleeceware’ apps overcharge users for basic app functionality

Unscrupulous publishers take advantage of Play Market policy loopholes to charge app users hundreds of dollars
All News

SophosLabs Overview

Data Science
  • Machine learning model development
  • Artificial intelligence research, thought leadership
Threat Intelligence
  • Rapid response to new threats and escalations
  • Deep research into threats and attack profiles
Operations
  • Automation of threat analysis and response
  • Quality assurance testing, analysis, and metrics