The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. The research reveals that investing in cyber defenses to optimize your insurance position is a double win: organizations report both easier and cheaper access to coverage as well as wider benefits such as improved protection, fewer alerts, and freeing up IT time. This finding further emphasizes the importance of considering cyber risk investments holistically, rather than as individual components.

The fifth Sophos annual study of the real-world ransomware experiences of manufacturing and production organizations around the globe explores the full victim journey, from root cause to severity of attack, financial impact, and recovery time. Fresh new insights combined with learnings from our previous studies reveal the realities facing businesses today and how the impact of ransomware has evolved over the last five years.

Based on that data and Sophos threat research, we see that ransomware continues to have the greatest impact on smaller organizations. But other threats also pose an existential threat to small businesses. Data theft is the focus of most malware targeting small and medium businesses—password stealers, keyboard loggers, and other spyware made up nearly half of malware detections. Email attacks have begun to move away from simple social engineering toward more active engagement with targets over email, using a thread of emails and responses to make their lures more convincing.

The research revealed that the rate of ransomware attacks has remained level, with 66% of respondents reporting that their organization was hit by ransomware in the previous year, the same as in our 2022 survey. With adversaries now able to consistently execute attacks at scale, ransomware is arguably the biggest cyber risk facing organizations today.

In 2022 the cybercriminal economy has increasingly transformed into an industry. Information technology companies have shifted too “as-a-service” offerings, and the cybercrime ecosystem has done the same. Access brokers, ransomware, information-stealing malware, malware delivery, and other elements of cybercrime operations have lowered barriers to entry for world-be cybercriminals.

This report shares seven key lessons learned by breach victims. Each lesson includes simple recommendations and tips, many of which do not require organizations to purchase any tools.

Sophos’ annual threat report drawn from incident response engagements with customers.

An annual survey of 5,400 IT decision makers on the scope, nature, and ramifications of ransomware attacks.

This study provides new insights into the state of cybersecurity skills and resources across the globe.

A survey of over 3,500 IT managers with data and workloads in the public cloud.

A detailed technical analysis of the Kingminer botnet malware, including the C&C network, infection vectors, payload, and auxiliary components.

A survey, conducted by Vanson Bourne, of 5,000 IT managers on their experiences with ransomware. Discusses prevalence, spread, techniques, and impact.

Most blogs or papers about crypto-ransomware typically focus on the threat’s delivery, encryption algorithms and communication, with associated indicators of compromise (IOCs). This research paper takes a different approach: an analysis of the file system activity or behaviors of prominent crypto-ransomware families (hereafter, simply called ransomware).

Contrary to popular belief, every device is worth hacking when the process is automated. It doesn’t matter who or where you are, if you own a company big or small, or have technology in the home – every device can be monetized by an enterprising criminal. Brute force login attempts are likely occurring on any online device. Yet the speed and scale of the problem can boggle the mind. Criminals are relentless and often competitive with one another to find, take over, and monetize your smart devices. The research you’ll find here, using honeypot devices across the internet, is a first step in attempting to quantify the issue.

From the report, “As the report that follows describes, SophosLabs has been observing a small but growing number of criminals forced to resort to a variety of manual hacking techniques – previously the purview of esoteric, targeted attackers – just to maintain their dishonorable income streams. The downside is that it’s much more challenging to halt these hybridized threats using conventional methods, but it also means there are fewer criminals competent enough to conduct them, and we keep driving up the cost of their operations. It’s a Darwinian process, and the sort of shift in attacker/defender economics we’ve been striving to achieve for a long time. We consider that a victory, and the start of a trend of attacker disruption that we intend to continue driving.”

This paper analyzes a cleanup app that is actually malicious.

SophosLabs takes a specific look at threats being downloaded on GooglePlay that mine a mobile phone’s resources while searching for cryptocurrency.

This paper takes a look at a smaller Ransomware family that has not received as much press as the other bigger ransomware families.

This report provides an inside look at a threat being downloaded on Google Play.

In this paper, they explore the differences between legitimate mining and cryptojacking; how cryptojacking works; the costs of cryptojacking to today’s organizations; and practical steps you can take to avoid being a victim of cryptojacking.

This paper set out to study the inner workings of a bankbot because they predict we will see more bankbots in the future.