Sophos’ Active Adversary Report: Insights on Changing Cyberattack Behaviors in 2022

Sophos, a leading provider of cybersecurity as a service, has released its Active Adversary Report for Business Leaders. The report is an in-depth analysis of the changing behaviors and attack techniques that cyber adversaries used in 2022, based on more than 150 Sophos Incident Response (IR) cases from around the world.

The report reveals that unpatched vulnerabilities and compromised credentials were the most common root causes of successful cyberattacks. In fact, attackers exploited ProxyShell and Log4Shell vulnerabilities in half of the investigations included in the report, demonstrating the importance of timely patching. The report also found that ransomware remains a pervasive threat, accounting for 68% of attacks investigated by Sophos’ IR team.

Sophos identified more than 500 unique tools and techniques used by cyber adversaries in 2022, including 118 “Living off the Land” binaries (LOLBins). Unlike malware, LOLBins are executables naturally found on operating systems, making them much more difficult to block when attackers exploit them for malicious activity.

The report emphasizes the need for businesses to implement layered defenses with constant monitoring and proactive threat intelligence to optimize their security strategies and defenses. It also provides actionable insights and threat intelligence to help organizations stay ahead of cyber adversaries.

To learn more about the changing cyberattack landscape in 2022, and to read the full report, “Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders,” visit

12 May 2023

Author: Terry KS
