8 Key Cybersecurity Takeaways From Sophos’s 2021 Threat Report

JUNE 10TH, 2021

Sophos, a worldwide leader in cybersecurity products and services, had a lot to talk about in the Sophos 2021 Threat Report. With a tagline of “Navigating Cybersecurity in an Uncertain World,” this year’s report focuses — understandably — on how the events of 2020 are shaping the state of cybersecurity.

Without giving away the plot, let’s take a look at where we currently stand with cybersecurity — specifically ransomware — before diving deeper into some of the key findings from the Sophos 2021 Threat Report.

Checking In on the State of Ransomware

It has been a busy year for ransomware operators. With a global health crisis to provide a smokescreen, hackers had a field day.

Remote workers became popular ransomware targets during the pandemic, and we will explore the vulnerabilities of remote work in more detail below. But some of the most disruptive and lucrative attacks this year have been against healthcare, government, and other critical infrastructure sectors.

These industries are frequent targets because they tend to store a lot of very sensitive, very valuable data on their networks. Another factor is that the potential impact of prolonged downtime is so significant and damaging that hackers know many organizations will be willing to pay the ransom.

Ransomware operators have introduced new tactics into the mix, including ransomware attacks that target backup files and render them useless for recovery efforts. Other groups expand their approach beyond simply encrypting files to include exfiltrating the files before encrypting them and then threatening to publish or sell the data if the ransom isn’t paid.

Key Findings from Sophos 2021 Threat Report

Ransomware and other cyberthreats are constantly evolving, which makes the annual Sophos threat report an important read. Here are eight of the top findings from the 2021 report.

1. The frequency of cyberattacks and the rate of infection are increasing.

Perhaps the most troubling findings from the threat report are the increased frequency of attacks and how quickly the damage is done. Attacks that once took weeks now take days, which leaves only a small window to detect and shut down a breach before company data is exfiltrated, encrypted, or both.

2. Ransom payments are going up.

Sophos tracked average ransom payments by quarter and found that ransoms have skyrocketed over the past year. In Q4 2019, the average ransom payout was $84,116. By Q3 2020, that amount had more than doubled to $233,817.30.

One reason for the exorbitant jump in ransom payments is that operators target huge companies with deep pockets and a reputation to protect.

3. Extortion on top of encryption is becoming more common.

As mentioned above, double extortion has become a popular ransomware tactic. This approach gives hackers the upper hand, even when an organization has a solid backup strategy in place to restore encrypted data.

Some ransomware gangs have even found extortion so lucrative that they are getting out of the encryption business altogether.

4. Attacks on servers are on the rise.

Sophos’s research found that Windows desktops and laptops are still the most frequent target for hackers. However, in 2021, incidents against servers are steadily increasing, putting both Windows and Linux systems at risk.

Servers are attractive targets for several reasons. They are generally unmonitored, so an attack could go unnoticed indefinitely, leaving hackers with plenty of time to plot the most effective and lucrative attack. Servers also have more privileged access, giving hackers a direct route to the most sensitive company data.

5. “Traditional” delivery methods are still the biggest threat.

Although cybercriminals frequently update their tactics and technology, they also know the value of sticking with what works. Sophos analyzed threat report data and found that tried-and-true attack methods — such as spam email, infected attachments, and malicious links — are still the most successful.

6. Pandemic-themed scams have been very successful.

COVID-19 created the perfect environment for phishing scams and other cyberattacks that are mainly initiated through human error. The Sophos study found that hackers could capitalize on widespread fear and uncertainty with pandemic-themed campaigns that easily tricked employees into clicking links and opening attachments looking for answers and reassurance.

As the pandemic starts to abate and workers return to the office, hackers target them with malicious emails that appear to be from HR or another trusted source and include links to fake safety training and health notices.

7. Remote workers are still vulnerable.

With many organizations opting to maintain either remote or hybrid work environments for the foreseeable future, traditional firewalls and security perimeters are obsolete.

Remote desktop protocol (RDP) and virtual private network (VPN) have long been popular attack vectors for hackers, but with remote workers exponentially expanding the use of remote entry points, ransomware operators took full advantage of the opportunity.

Since before the pandemic, Sophos has been watching this trend and continues to recommend that IT managers keep RDP away from public-facing internet and behind a firewall that requires a zero-trust mechanism to access. Sophos also suggests that organizations always insist on multifactor authentication and strict password policies.

8. Red team software isn’t just for ethical hackers.

Red team and blue team are common cybersecurity terms used to differentiate between two sides of a security assessment team. The red team uses ethical hacking techniques and technology to find and exploit vulnerabilities, and the blue team responds to those findings to eliminate the threat and shore up the weaknesses.

The Sophos study found that ransomware operators are using red team penetration testing tools to hack into systems. These off-the-shelf tools are easy to come by, and because they have a legitimate purpose when used as intended, they are often overlooked by threat detection software.

What’s Next for Cybersecurity in 2021?

The Sophos 2021 Threat Report predicts challenging times ahead for IT security teams. Between ransomware, a global workforce in transition, and more targeted and expensive attacks on the horizon, data protection must be a high priority for organizations of every size. 


Download The 2020 Data Attack Surface Report for an additional take on today’s biggest cyberthreats and what you can do to minimize or even eliminate data loss and downtime for your organization.