Sophos released the Sophos 2022 Threat Report, which highlights how ransomware’s black hole is attracting other cyberthreats to form one vast, linked ransomware delivery system, with serious ramifications for IT security.
Mozi was first identified in 2019 and has been evolving ever since. It can now persist on network devices by infiltrating the device’s file system, remaining functional even after the device has been rebooted. During the first half of 2021, Mozi topped out at over 360,000 unique systems using more than 285,000 unique source IP addresses, likely due to address translation.
“Adversaries could use social engineering and phishing campaigns in the lead up to the event to obtain access or use previously obtained access to implant malware to disrupt affected networks during the event. Social engineering and phishing campaigns continue to provide adversaries with the access needed to carry out such attacks,” the federal law enforcement agency warned.
The most obvious motivation is financial gain, using the threat of a DDoS attack to hold targets to ransom. Other potential motivations could include attacks on behalf of competitors, or threat actors looking to use a DDoS attack as a diversion. The good news is that there are several ways to shore up your defenses. Increasingly, this involves stopping attacks from reaching the enterprise network by leveraging cloud-based managed services.
By using architecture models like NAT44 or NAT444, CGNAT can expand IP address pools by 40 to 60x or more. This helps communications service providers support new subscribers and drive growth without the need to purchase new IPv4 numbers on the open market, or to upgrade or enhance home modems, routers, or cellular phones.