While launching its Rapid Response, a fixed-fee remote incident response service, Sophos says it has also identified the use of a malware-as-a-service dropper. New research: “Hacks for sale: Inside the Buer Loader Malware-as-a-Service,” Sophos details how Buer compromises Windows PCs, and enables attackers to deliver a payload.
Sophos Rapid Response aims to provide organisations with a dedicated 24/7 team of incident responders, threat hunters and threat analysts to stop advanced attacks and remove adversaries from their networks, minimizing damage and costs, and reducing recovery time.
It aims to identify and neutralise active cybersecurity attacks throughout its entire 45-day term of engagement. It covers ransomware, network breaches, hands-on keyboard adversaries, and more. The Sophos Rapid Response team can be onboarded and activated within hours, and the majority of attacks triaged within 48 hours, it says.
“This year, devastating ransomware attacks have unfortunately been a gold rush for cybercriminals, and it’s unlike anything the cybersecurity industry has ever experienced. Nearly 85% of the attacks that Sophos Rapid Response has been involved in thus far included ransomware – notably Ryuk, REvil and Maze – and I can say with confidence that most of the other attacks that we were called in to stop would have also resulted in ransomware had we not acted so quickly,” said Peter Mackenzie, incident response manager at Sophos. “Readily accessible tools make it possible for attackers to net bigger pay-outs in one week’s worth of work than most people will make in their lifetime. Criminals infiltrate networks and stealthily plan their attacks in the background, before strategically launching ransomware as the final payload – often during the overnight hours when no one is watching in order to execute on as many machines as possible.”
“When you’re hit with an attack, time is of the essence. Every minute between initial compromise and neutralization counts as adversaries race through the attack lifecycle,” said Joe Levy, chief technology officer at Sophos. “Advanced attacks can quickly halt business operations, and IT managers who have experienced ransomware first hand know this all too well, reporting the need to spend proportionately more time on incident response and less time on threat prevention than those who haven’t been hit. Sophos Rapid Response disrupts active attacks, eliminating the complex and time consuming process of stopping determined attackers, so organizations can get back to their normal operations faster.”