‘Junk gun’ ransomware: Peashooters can still pack a punch
In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation...
Sophos X-Ops
Smoke and (screen) mirrors: A strange signed backdoor
In December 2023, Sophos X-Ops received a report of a false positive detection on an executable signed by a valid...
Remote Desktop Protocol: The Series
Remote Desktop Protocol (RDP) was developed by Microsoft to allow users, administrators, and others to connect to remote computers over...
Remote Desktop Protocol: Exposed RDP (is dangerous)
Is it honestly so bad to expose a server with RDP to the internet? In order to find out, we...
Remote Desktop Protocol: Queries for Investigation
Since investigators see so many RDP artifacts in the course of incident responses, they’ve naturally evolved a few favorite tools...
Remote Desktop Protocol: How to Use Time Zone Bias
Most defenders are familiar with how to find and look for suspicious RDP lateral movement, whether that means looking based...
Remote Desktop Protocol: Executing the 4624_4625 Login Query
The 4624_4625 login events query provides defenders, specifically analysts, with a useful tool for both identifying successful RDP logins (Windows...
The 2024 Sophos Threat Report: Cybercrime on Main Street
Cybercrime affects people from all walks of life, but it hits small businesses the hardest. While cyberattacks on large companies...
It’ll be back: Attackers still abusing Terminator tool and variants
BYOVD (Bring Your Own Vulnerable Driver) is a class of attack in which threat actors drop known vulnerable drivers on...
ConnectWise ScreenConnect attacks deliver malware
Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and...
Safer Internet Day is as important as ever
The Internet has become a ubiquitous part of everyday life and while its advantages are numerous and far-reaching, we all...
Cryptocurrency scams metastasize into new forms
In the spring of 2023, a recent retiree was drawn into what would become a horrifically expensive “relationship.” Lured through...
“Inhospitality” malspam campaign targets hotel industry
Sophos X-Ops is warning the hospitality industry that a campaign targeting hotels worldwide with password-stealing malware is using emailed complaints...
“Inhospitality” malspam campaign targets hotel industry
Sophos X-Ops is warning the hospitality industry that a campaign targeting hotels worldwide with password-stealing malware is using emailed complaints...
Press and pressure: Ransomware gangs and the media
Historically, threat actors weren’t keen to engage with journalists. They may have followed press coverage about themselves, of course, but...
