Sophos, a global provider of next-generation cybersecurity, has released the “Active Adversary Playbook 2022,” which details attacker behaviors observed in the wild by Sophos’ Rapid Response team in 2021.

REvil, also known as Sodinokibi, came in second with 7.1%, followed by Hello Kitty and Phobos (4.8% each). Conti’s Dark Web leak site also contained the names of 511 organizations, the most of any group.

The report details how the second half of 2021 established high-powered botnet armies and rebalanced the scales between volumetric and direct-path (non-spoofed) attacks.

Some of the tactics attackers use to coerce victims into paying are ruthless and could potentially be more damaging to an organization than a period of downtime. Attackers deliberately try to undermine their target’s relationships, trust and reputation. Sometimes the approach they take is very public; at other times, it’s more direct and personal.

DNS’s central location at the foundation of the network also makes it possible to use as a powerful security tool. As one of the first services a device uses when it connects to the network, DNS can give network administrators visibility across the entire network, allowing them to identify and isolate compromised machines before they can cause significant damage.