What should you expect from a next-gen endpoint protection solution?

Everyone knows that traditional antivirus isn’t enough to stop today’s advanced threats, so endpoint security vendors are hoping you’ll consider their “next-gen” solutions. But what exactly does “next-gen” mean, and what capabilities should you expect?

At Sophos, we believe next-gen endpoint protection means an integrated system of technologies that protect against all stages of an attack:

1. Prevention: Stopping malware before it can execute.
2. Detection: Identifying quickly when malware is deployed.
3. Response: Taking action instantly when malware is detected.

Let’s take a quick look at the capabilities your endpoint protection needs to counter threats at each stage.


See what everyone’s saying about this year’s Sophos partner conferences

We recently wrapped up our annual partner conference tour, and if it’s possible to sum up all the exciting activities from this year’s events in one word, it would have to be “synchronization.”

Just like last year, the partner conferences this year – held in Cannes, Las Vegas, and Bali – had a common theme of “Discover Sophos.” Of course, the big difference this year was the launch of our revolutionary synchronized security strategy.

The annual partner conference tour is our biggest opportunity to get our partners synchronized with our winning strategy. And the feedback from partners this year was overwhelmingly positive.


SophosLabs: Vawtrak banking malware updated with new targets and innovations

A new version of a deceptive banking malware has been responsible for a series of attacks on financial institutions in many countries around the world in the past year, SophosLabs reports in a new research paper.

Vawtrak (also known as NeverQuest and Snifula) has been around for a few years now, yet it continues to thrive as a popular crimeware-as-a-service kit used by a variety of cybercriminal groups.

SophosLabs analysis of what we are simply calling Vawtrak version 2 shows the malware authors have introduced new innovations, while making frequent updates to meet demand and stay ahead of defenses.


Sophos takes center stage at Infosecurity Europe 2016

Infosecurity Europe 2016, taking place in London from 7-9 June, will bring together 15,500 information security professionals, 260 expert speakers, 300+ exhibitors and over 100 members of the media.

Join us this year for your chance to grow your professional network, meet with key figures in the field, and learn about the latest security trends and best practices.

James Lyne, Sophos global head of security research, will take center stage for a keynote address on “Cybercrime: What Works in 2016.” James is also a member of the advisory board for the Intelligent Defence technical research conference taking place alongside Infosec.


Why malware authors keep using the same old Microsoft Office exploits

SophosLabs Principal Malware Researcher Gabor Szappanos has closely studied Microsoft Office exploits for the past few years. We’ve previously covered his investigation of the Microsoft Word Intruder exploit creation kit, and his recent paper exploring the most popular Office exploit kits.

In a new research report, Gabor takes a closer look at the top four Office exploit kits used in the last quarter of 2015. He also reports which exploits were most commonly used in malicious documents, and shows us what families of malware were distributed by the studied samples.

As Gabor explains, malware authors are increasingly attracted to document exploits as the initial entry point for their attacks. The attackers spread their booby-trapped Office documents through phishing emails spammed out to large numbers of random recipients (cybercrime groups), or to a more select list of targets (APT groups).

Notably, the majority of Office exploits malware authors have been using in malicious documents are now several years old. The most popular exploit, CVE-2012-0158, has been around for well over three years now.


Follow these best practices to secure your data in the cloud

There are many misconceptions about cloud security, and it starts with basic misunderstandings about what “the cloud” even is.

Essentially, the cloud is anything hosted and accessed virtually. Webmail systems like Gmail, and social networking sites like Facebook and Twitter are in the cloud. Really, the entire internet is the cloud!

As Sophos experts explain in a new whitepaper describing best practices for cloud security, the most important thing to remember is that when you put data in the cloud, you need to understand how it’s being protected. You shouldn’t assume that security is being taken care of for you.


SophosLabs investigates the most popular Microsoft Office exploit kits

Malware authors have been using Microsoft Office document exploits for quite some time, but in the past couple of years, document malware has experienced a resurgence.

Typically, exploited documents are attached to email messages and sent out to large numbers of random recipients (in the case of cybercrime groups) or a smaller number of selected targets (in the case of APT groups).

Office exploit generators play a crucial role in making Office exploitation available to common cybercriminals. However, despite their significance, most Office exploit kits have not been covered in detail.

In a new research paper, SophosLabs Principal Malware Researcher Gabor Szappanos analyzes some of the most impactful Office exploit generators.
