Sophos recently released its 2021 Threat Report, sharing the key cyber security challenges it projects the world will be facing over the coming year.

In short, the report outlines how cyber criminals are constantly evolving and adopting increasingly aggressive and sophisticated attacks to circumvent IT security measures.

As Joe Levy, Sophos CTO, says, by making sense of the security environment we can make better security decisions.

Because you can’t defend against what you can’t understand.

SOPHOS Reports on How Covid-19 is Impacting Cyber Security

Similarly to what we identified in our cyber security for SMEs advice, the report outlines how working from home presents new challenges for businesses’ IT security systems.

This is because, rather than having one office-based IT network with high-level cyber security protocols in place, businesses now have to deal with thousands of home networks with varying levels of IT security.

Unfortunately, this makes it more difficult for cyber security companies and internal IT support teams to manage attacks from cyber criminals.

Naturally, this has resulted in a 23% increase in cyber attacks in the UK during the pandemic.

A study showed that as many as 90% of companies interviewed globally had faced a cyber attack during the pandemic.

Hackers Potentially Using COVID-19 to Create a Spam Program

It has been found that hackers have used public fear as a way of optimising their scam tactics and acquiring data through social engineering strategies.

The SOPHOS 2021 Cyber Security Threat Report found that during March, as many as 2300+ coronavirus-related domains were registered each day.

There were also as many as 7000+ TLS certificate requests for COVID-19-related hostnames.

Some were legitimate, while others were not.

This fed into email scams where scammers impersonated the World Health Organisation to reassure recipients into opening the emails. This activity will continue into 2021, and you should remain vigilant when checking emails.

A sure-fire way to prevent employees from falling foul of this scam is to implement a cyber security training programme.

For reference, businesses see a two-thirds ROI from investing in training their staff on cyber security – don’t put your company at risk of hackers!

Beware of the Joker

The Joker malware, also known as ‘Bread’, is growing in volume, and fast.

This is an SMS and billing fraud application that targets individuals with convincing, human-style SMS communications.

Google Play Store works hard to identify malware and remove/reject any applications with malicious code.

The Joker malware can also be embedded into other apps, which again makes it hard for the Google Play Store to manage.

Joker uses native code, called through the Java Native Interface (JNI), instead of DEX bytecode. This native code is written in C, which slows down analysis of the code.

DEX is easier to break down and decompile, which makes human review easier.

From the SOPHOS Report:

“Joker malware uses this JNI code for sending SMS messages, to make money and as one way of contacting its command-and-control network.

The use of JNI and out-of-band signalling over the phone network instead of the internet may help Joker evade automated dex scanners that don’t speak JNI.”

Ransomware Attacks

Ransomware continues to target more victims every year, so not surprisingly Sophos has focussed part of the report on the new techniques attackers are using to confuse anti-ransomware protection.

Although the purpose of ransomware remains the same, to encrypt our data and documents, the way it presents itself is increasingly changed to get around countermeasures.

One particular example is the targeting of managed service providers’ (MSPs’) tools and systems, such as their remote monitoring and management (RMM) solutions.

By exploiting vulnerabilities or making use of stolen credentials, criminals can access multiple customers’ infrastructure and endpoints and distribute ransomware remotely, causing exponentially more damage.

A key piece of advice from Sophos is to always make sure that any management accounts or tools use multifactor authentication (MFA).

If you currently work with an MSP or are looking to start doing so, asking what security measures they have in place to protect their own systems and customer management tools is vital.

Additionally, the report found that ransomware operators continue to create new ways to evade endpoint security products.

This allows them to spread rapidly while also being able to target companies with good backups that are securely stored where ransomware might not have been able to harm them previously.

Ransomware Groups Working in Collaboration

Interestingly, new trends show that ransomware groups are working in collaboration to attack businesses’ IT security rather than competing against each other.

This emphasises the absolute importance of auditing your current cyber security protocols now more than ever.

This, among the other cyber security threat trends in 2021, may mean you need to upgrade your hardware and software systems too, to ensure that your IT security defences are more than adequate.

Yes, part of the malware strategy takes the form of advertising.

The report and subsequent activity online have shown that technical support malvertising has become an ever more popular means for cyber criminals to attack a system’s software.

This kind of malvertising works by using ‘browser locking’ to freeze the web page loading in the phone’s browser.

The user is then shown ads posing as technical support, often emphasising the need for technical assistance.

They then try to push targets into providing remote access to their devices and convince them to purchase high-priced technical support software.

This then allows hackers to obtain credit card information for use further down the line.

Mobile Security Threats

As well as the seemingly unstemmable avalanche of ransomware attacks, Sophos reports a growing variety of mobile attacks.

Malicious software remains the biggest concern, with some app developers devising ingenious methods to conceal their apps’ real intent and avoid the detection measures of the likes of Google.

Android phones are particularly at risk, due to the fragmented nature of the mobile phone ecosystem, where device manufacturers only sporadically offer critical Android OS updates, leaving users open to a broad range of attacks.

Advertising fraud may seem relatively benign; at the end of the day, it is often the advertising brand that ends up paying for fraudulent clicks.

However, users are also impacted. Click fraud can continue while the phone is in sleep mode, draining battery life, incurring higher data charges and generally reducing performance.

A more insidious threat is the “bankers”: apps designed to steal financial credentials and logins.

With malicious apps designed to exploit Accessibility permissions, criminals can monitor keystrokes when users log into legitimate banking apps and steal credentials.

Remote Desktop Protocol (RDP) Security Risks

SophosLabs recently found that honeypot machines it had deliberately set up around the world were subjected to over half a million brute-force login attempts. Attacks on public, internet-facing Remote Desktop Protocol (RDP) were on the rise in 2019.

Attackers use RDP as a route into the networks targeted for compromise and this technique has been the cause of some of the most painful and successful ransomware attacks in the past year.

It is recommended that everything possible be done to prevent exposure of RDP to the public-facing internet.
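Where RDP cannot be taken off the internet immediately, the brute-force activity described above is visible in Windows Security logs. The following is an added example (not code from the Sophos report or this article) that scans constructed failed-logon records (Event ID 4625, logon type 10 = RDP) and flags source addresses that exceed a failure threshold within a sliding time window; the log format, thresholds and IP addresses are all constructed for illustration.

```python
# Added example, not code from the Sophos report or this blog: a simple RDP
# brute-force detector run over constructed Windows Security log records.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: "timestamp event_id logon_type account source_ip".
# Event 4625 = failed logon, 4624 = success; logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    # 203.0.113.7: four RDP failures in under two minutes (should be flagged)
    "2021-01-04T02:00:01 4625 10 administrator 203.0.113.7",
    "2021-01-04T02:00:09 4625 10 admin 203.0.113.7",
    "2021-01-04T02:00:41 4625 10 backup 203.0.113.7",
    "2021-01-04T02:01:30 4625 10 guest 203.0.113.7",
    "2021-01-04T02:05:00 4624 10 jsmith 198.51.100.20",  # a normal successful logon
    # 203.0.113.9: failures over logon type 3 (network shares), outside this RDP rule
    "2021-01-04T09:00:00 4625 3 administrator 203.0.113.9",
    "2021-01-04T09:00:05 4625 3 administrator 203.0.113.9",
    "2021-01-04T09:00:10 4625 3 administrator 203.0.113.9",
    "2021-01-04T09:00:15 4625 3 administrator 203.0.113.9",
    # 192.0.2.5: four RDP failures 15 minutes apart, slow enough to stay under the window
    "2021-01-04T10:00:00 4625 10 admin 192.0.2.5",
    "2021-01-04T10:15:00 4625 10 admin 192.0.2.5",
    "2021-01-04T10:30:00 4625 10 admin 192.0.2.5",
    "2021-01-04T10:45:00 4625 10 admin 192.0.2.5",
]

def parse_event(line):
    ts, event_id, logon_type, account, src = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), account, src

def find_rdp_bruteforce(lines, threshold=4, window=timedelta(minutes=10)):
    """Return {source_ip: peak_failures} for sources with >= threshold failed RDP logons in any window."""
    failures = defaultdict(list)
    for line in lines:
        ts, event_id, logon_type, _account, src = parse_event(line)
        if event_id == 4625 and logon_type == 10:  # failed RDP logons only
            failures[src].append(ts)
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged
```

The 192.0.2.5 records show the rule's blind spot: a slow, low-rate attempt never exceeds a per-window threshold, so this check should be paired with a longer-window or per-account rule rather than relied on alone.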

Security Threats In Cloud Computing

Sophos highlights how the very scalable and flexible nature of cloud-based storage and data processing brings with it its own inherent challenges.

The pace of change and multitude of configuration options means that administrators themselves can inadvertently open up their own customer database to exposure.

In fact, Sophos believes that the vast majority of security incidents involving cloud platforms happen as a result of misconfiguration.

A further challenge for cloud computing platforms is that many users cannot closely monitor exactly what their devices are doing, giving criminals a longer window to carry out their attacks.

Sophos recommends that having visibility into the impact of configuration changes and the ability to monitor your cloud platform for malicious or suspicious activity are the best ways to combat threats to the cloud.

Automation and Security

Attackers use a combination of automated tools and human interaction to evade security controls (often described as ‘social engineering’), deploying increasingly stealthy tactics to reach their critical targets.

With automated backups now the routine target of attacks, as attackers know that victims are more likely to pay a ransom if they lose their backups, Sophos advises that organisations should deploy a combination of backup and recovery strategies together with preventative, rapid threat neutralisation.

Stealthy tactics extend to using apparently benign tools for malicious ends.

Potentially unwanted applications (PUAs) and commonly used admin tools can both be used to deliver and execute malware as part of a well-planned quiet attack.

One should not underestimate the sophistication deployed by advanced attackers.

Machine Learning

Sophos warns of attackers looking for new and advanced ways to evade machine learning defence models, but also highlights how the use of machine learning on the attack side will bring its own challenges, in particular in the guise of vishing attacks.

All these novel approaches highlight the need for multiple layers of protection against attackers.

We have provided our summary of some of the key points within the SOPHOS 2021 Threat Report. If you would like to read the full report, which includes more information and elaboration of each of the key points, you can download a full copy of the report below.

The key message from Sophos is that the pace, scale, and sophistication of threats will only continue to grow. It is vital for businesses and IT providers to keep abreast of these developments and ensure that a multi-layered approach to security is deployed.

If you would like more information about how Equity can help assess your security posture and recommend the right security solution for your business, then please contact us today.