Sophos Unveils X-Ops Threat Intelligence Group
Sophos has formed Sophos X-Ops, a cross-operational unit that consists of more than 500 cybersecurity experts from its SophosLabs, Sophos SecOps and Sophos AI teams.
The Sophos X-Ops team essentially connects:
- The threat response team — the responders who clean up after ransomware and other attacks and lock the intruders out.
- The labs team — more than 250 researchers around the world who investigate new malware in the wild, often from Russia- or China-based groups.
- The AI team — because humans alone cannot monitor a threat landscape this vast, even without the current shortage of security workers.
Taken together, the Sophos X-Ops team could potentially provide “emergency room” services to MSPs, MSSPs and their end customers.
How Sophos X-Ops Works
Sophos X-Ops draws on predictive, real-time, real-world and researched threat intelligence from each of its groups. From there, the groups work together to “deliver stronger, more innovative protection, detection and response capabilities,” Sophos said.
In addition, Sophos X-Ops is spearheading the development of an AI-assisted security operations center (SOC) that can anticipate the intentions of security analysts and provide relevant defensive actions. This SOC can help security analysts quickly detect, prioritize and respond to indicators of compromise (IOCs), the company asserted.
Cybercriminals Increasingly Target Unpatched Microsoft SQL Servers
Sophos X-Ops researchers discovered an uptick in attacks against Microsoft SQL Server installations exploiting two remote code execution vulnerabilities, CVE-2019-1068 (in the SQL Server engine) and CVE-2020-0618 (in SQL Server Reporting Services). Both were patched by Microsoft in July 2019 and February 2020 respectively, so the affected servers were running without those updates. During these attacks, cybercriminals deployed Remcos, a commercially available remote access trojan (RAT). They also deployed various ransomware families, including:
The same threat group was likely responsible for multiple incidents involving CVE-2019-1068 and CVE-2020-0618, according to Sophos X-Ops. Victims were primarily based in Asia, and the threat actor may operate from that region.
Sophos X-Ops will continue to gather threat intelligence, Sophos noted, and will look for ways to improve Sophos products and services so that organizations can use them to guard against current and emerging cyber threats.