Sophos 2020 Threat Report shows how cyberattackers are raising the stakes in ransomware, increasing stealth in malicious Android apps, exploiting misconfiguration in the cloud, and abusing machine learning

OXFORD, U.K. — November 5, 2019 —

Sophos (LSE: SOPH), a global leader in cloud-enabled next-generation cybersecurity, today launched its 2020 Threat Report providing insights into the rapidly evolving cyberthreat landscape. The report, produced by SophosLabs researchers, explores changes in the threat landscape over the past 12 months, uncovering trends likely to impact cybersecurity in 2020.

“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year.  We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare,” said John Shier, senior security advisor, Sophos.

The SophosLabs 2020 Threat Report, which is also summarized in a SophosLabs Uncut article, focuses on six areas where researchers noted particular developments during this past year. Among those expected to have significant impact on the cyberthreat landscape into 2020 and beyond are the following:

Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable back ups in order to cause maximum impact in the shortest possible time.

Unwanted apps are edging closer to malware. In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming brokers for delivering and executing malware and fileless attacks. 

The greatest vulnerability for cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready made target for cyberattackers.

Machine learning designed to defeat malware finds itself under attack. 2019 was the year when the potential of attacks against machine learning security systems were highlighted. Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering. At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future.

Other areas covered in the 2020 Threat Report include the danger of failing to spot cybercriminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP), and the further advancement of automated active attacks (AAA).

For additional and detailed information on threat landscape trends and changing cybercriminal behaviours, please reference the entire SophosLabs 2020 Threat Report at https://www.sophos.com/threatreport.

A companion report, outlining how the 11 most prominent and persistent ransomware families attack, will be published shortly. Sophos Naked Security will also reference the 2020 Threat Report in upcoming coverage.

Über Sophos

Sophos ist ein führender Anbieter im Bereich Cybersicherheit und schützt weltweit 600.000 Unternehmen und Organisationen mit einer KI-gestützten Plattform und von Experten bereitgestellten Services. Sophos unterstützt Unternehmen und Organisationen unabhängig von ihrem aktuellen Sicherheitsniveau und entwickelt sich mit ihnen weiter, um Cyberangriffe erfolgreich abzuwehren. Die Lösungen von Sophos kombinieren maschinelles Lernen, Automatisierung und Echtzeit-Bedrohungsinformationen mit der menschlichen Expertise der Sophos X-Ops. So entsteht modernster Schutz mit einer 24/7 aktiven Erkennung, Analyse und Abwehr von Bedrohungen.
Das Sophos-Portfolio beinhaltet branchenührende Managed Detection and Response Services (MDR) sowie umfassende Cybersecurity-Technologien– darunter Schutz für Endpoints, Netzwerke, E-Mails und Cloud-Umgebungen, XDR (Extended Detection and Response), ITDR (Identity Threat Detection and Response) und Next-Gen-SIEM. Ergänzt wird das Angebot durch Beratungs-Services, die Unternehmen und Organisationen helfen, Risiken proaktiv zu reduzieren und schneller zu reagieren – mit umfassender Transparenz und Skalierbarkeit, um Bedrohungen immer einen Schritt voraus zu sein.
Der Vertrieb der Sophos-Lösungen erfolgt über ein globales Partner-Netzwerk, das Managed Service Provider (MSPs), Managed Security Service Provider (MSSPs), Reseller und Distributoren, Marketplace-Integrationen und Cyber Risk Partner umfasst. So können Unternehmen und Organisationen flexibel auf vertrauensvolle Partnerschaften setzen, wenn es um die Sicherheit ihres Geschäfts geht.  Der Hauptsitz von Sophos befindet sich in Oxford, Großbritannien. Weitere Informationen finden Sie unter www.sophos.de.