Sophos today released its Active Adversary Report for Business Leaders, an in-depth look at the changing behaviors and attack techniques that adversaries used in 2022.
The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off the Land” binaries (LOLBins). Unlike malware, LOLBins are executables naturally found on operating systems, making them much more difficult for defenders to block when attackers exploit them for malicious activity.
In addition, Sophos found that unpatched vulnerabilities were the most common root cause of attackers gaining initial access to targeted systems. In fact, in half of investigations included in the report, attackers exploited ProxyShell and Log4Shell vulnerabilities—vulnerabilities from 2021—to infiltrate organizations. The second most common root cause of attacks was compromised credentials.
“When today’s attackers aren’t…
