In this report, we review malicious activity SophosLabs analyzed and protected customers against in 2017 and use the findings to predict what might happen in 2018.

Sophos data scientists have written several articles about how machine learning works, how it will be applied to Sophos, and what that will mean for customers. This is a handy guide to that content.

A look at how Sophos develops its machine learning models. Here, we explain the concepts and show the development and evaluation of a toy model meant to solve the very real problem of detecting malicious URLs.

Kits available on the Dark Web allow the least technically savvy among us to do evil. Philadelphia is one of the slickest, most chilling examples.

The normal lifecycle of an Office exploit starts with the initial use in targeted attacks. Then, at some point, the information leaks out and cybercrime groups start using it more widely. Offensive security researchers then start experimenting with AV evasion, and the exploit finally ends up in underground exploit builders. Normally this cycle can take a few months. In the case of the CVE-2017-0199 Word exploit, we have observed this in a much more accelerated time scale.

This paper explores the inner workings of Betabot, including capabilities of the associated botnet server components and technical detail on how to extract and decrypt configuration data.