
Sophos Unveils X-Ops Threat Intelligence Group

Sophos has formed Sophos X-Ops, a cross-operational unit that consists of more than 500 cybersecurity experts from its SophosLabs, Sophos SecOps and Sophos AI teams.

The Sophos X-Ops team essentially connects:

  1. The threat response team — the guys who clean up after ransomware and other attacks, locking out the gangsters.
  2. Their labs team — an army of 250-plus researchers around the world who investigate new malware in the wild, often from Russia- or China-based groups.
  3. Their AI team — because humans alone can't monitor a threat landscape so vast, even without the current worker shortage.

Take a closer look, and the Sophos X-Ops team could potentially provide "emergency room" team services to MSPs, MSSPs and their end customers.

How Sophos X-Ops Works

Sophos X-Ops uses predictive, real-time, real-world and researched threat intelligence from each of its groups. From here, the groups can work together to "deliver stronger, more innovative protection, detection and response capabilities," Sophos said.

In addition, Sophos X-Ops is spearheading the development of an AI-assisted security operations center (SOC) that can anticipate the intentions of security analysts and provide relevant defensive actions. This SOC can help security analysts quickly detect, prioritize and respond to indicators of compromise (IOCs), the company asserted.

Cybercriminals Increasingly Target Unpatched Microsoft SQL servers

Sophos X-Ops researchers discovered an uptick in attacks against Microsoft SQL Server installations involving two remote code execution vulnerabilities (CVE-2019-1068 and CVE-2020-0618). During these attacks, cybercriminals leveraged Remcos, a commercially available remote access trojan (RAT). They also deployed various ransomware families, including:

  • TargetCompany
  • GlobeImposter
  • BlueSky

The same threat group was likely responsible for multiple incidents involving CVE-2019-1068 and CVE-2020-0618, according to Sophos X-Ops. Attack victims were primarily based in Asia, and the threat actor responsible for the attacks may be from this region.

Sophos X-Ops will continue to gather threat intelligence, Sophos noted. It also will look for ways to improve Sophos products and services and ensure that organizations can use them to guard against current and emerging cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.