News
NETSCOUT Highlights Cyberthreats to Watch Out for in 2023

NETSCOUT has revealed its top security trends to watch out for in 2023. Based on recent data, the company has predicted that geopolitical unrest, the evolution of ransomware, and the growing popularity of Adaptive DDoS, Direct-Path DDoS, and Outbound and Cross-bound DDoS attacks will have a significant impact on the security industry in 2023.
Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT, explained, “In the world of cybercrime, innovation is a constant. By constantly innovating and adapting, attackers are designing new, more effective attack vectors or doubling down on existing effective methodologies. Although the future is always difficult to predict, one thing is certain, cyber-attacks will not subside. Moreover, when it comes to cyber-attacks, no business sector is off-limits. Cybercriminals target regional businesses of all sizes and in all sectors, whether public or private.”
Geopolitical Unrest
Although distributed denial-of-service (DDoS) attacks have steadily increased over the past 20 years, recent data firmly establishes the reality that network operators need to understand, prepare for, and expect attacks related to politics, religion, and ideology. Nation-state actors often directly target internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on internet connectivity. This, of course, means targeting internet service provider (ISP) networks to limit internet connectivity.
Further, nation-states typically possess vastly greater resources at their disposal than other malicious actors. Every year, they create new DDoS attack vectors, proving that they are constantly innovating and exploring new, more potent attack methods. As DDoS defenses become more precise and effective, attackers continue to develop new DDoS attack vectors and methodologies to circumvent these defenses. These advanced techniques invariably find their way into the hands of criminal gangs and even individual hackers, who turn them against any entity from whom they can profit.
Ransomware
Ransomware attacks have posed a significant threat to businesses and individuals in recent years and will continue to evolve and become more sophisticated in 2023. One trend that will continue to evolve is the use of ransomware in combination with other attacks, such as supply chain attacks. It is also likely that malicious actors will continue to target specific industries or types of organizations with ransomware attacks, specifically to maximize their profits. For example, hospitals and other healthcare organizations have been particularly vulnerable to ransomware attacks in the past because, with lives at stake, they may be more willing to pay a ransom to regain access to critical systems and data.
Another ransomware trend that will continue in 2023 is the use of triple extortion attacks. These campaigns begin by infiltrating a network and stealing valuable assets, such as trade secrets, source codes, credit cards, authentication credentials, and other personally identifiable information (PII). In phase two, ransomware is planted to encrypt valuable data or even entire storage systems. At this point, cybercriminals will demand a ransom in exchange for decryption keys. If the victim refuses to pay the ransom, perhaps because they could simply restore good backups, the threat actors then threaten to release sensitive data publicly if the ransom is not met.
This form of attack has been around for several years and can add additional pressure on the victim because the potential repercussions of the data being released to the public can be severe. While the first two actions can be invisible to the public, the third phase cannot escape publicity. Finally, a DDoS attack or even the threat of such turns the pressure up to the max. If the ransom is not paid, DDoS can take down an organization’s internet presence, thus exposing the entirety of the security threat and failure to protect valuable assets.
Adaptive DDoS
In an adaptive DDoS attack, adversaries conduct extensive pre-attack reconnaissance to identify specific elements of the service delivery chain to target. They are increasingly employing botnet nodes and reflectors/amplifiers that are closer to the target, a trend recently observed in botnet attacks on Ukraine. This minimizes the number of boundaries that DDoS attack traffic must traverse, often resulting in fewer opportunities to detect and mitigate the attack. The combination of increased available bandwidth and throughput increased populations of abusable devices, and adaptive DDoS attack techniques magnify the threat to network operators. As such, network operators should move from a default posture of DDoS mitigation to a new posture of DDoS suppression.
Direct-Path DDoS Attacks
Direct flooding and application-layer DDoS attacks are becoming more popular as anti-spoofing efforts increase globally, making it more difficult for spoofed packets to travel across the internet. Old techniques have become popular again as this methodology returns from the past, back before reflection/amplification attacks dominated the landscape. Enhanced for the modern network, these attacks now come from much more powerful sources, such as cloud-based infrastructure with massive computing and bandwidth resources. Further, adversaries are compromising hosts much closer to the target, thus avoiding many layers of transit, potential discovery, and mitigation. Because of this, organizations must beware of the enemy within.
Outbound and Cross-bound DDoS Attacks
Those are not the only threats coming from within – DDoS attack traffic is increasingly originating from within the network it is targeting, thus avoiding ingress and transit points. DDoS defenses traditionally have been focused on protecting internet properties and networks by implementing detection and mitigation technologies at points of convergence for inbound network traffic. This approach worked well to protect targeted organizations and networks from inbound DDoS attacks; however, outbound and cross-bound DDoS attacks can be just as devastating and disruptive as inbound attacks. Because of adversary innovation and adaption, defenders must change their way of thinking and, in turn, adapt to the current threat landscape.
News
Sophos Completes Secureworks Acquisition

Sophos and Secureworks have announced the completion of Sophos’ acquisition of Secureworks. The all-cash transaction values Secureworks at approximately $859 million. With the completion of the acquisition, Secureworks’ common stock has ceased trading on Nasdaq. Thoma Bravo, a leading software investment firm, backs Sophos.
With this acquisition, Sophos is now the leading pure-play cybersecurity provider of Managed Detection and Response (MDR) services, supporting more than 28,000 organizations of all sizes worldwide. The combination will enable Sophos to deliver an unparalleled security operations platform, featuring hundreds of built-in integrations for adaptive protection, detection and response for mitigating cyberattacks. The open and scalable platform helps organizations, especially those with diverse IT estates, safeguard current and future technology investments, providing greater operational efficiencies and return on cybersecurity spend. Sophos X-Ops is also expanding its threat intelligence and security services capabilities by adding the Secureworks Counter Threat Unit and security operations and advisory teams.
As a channel-first cybersecurity provider, Sophos remains unwavering in its commitment to delivering cutting-edge security services and technologies that empower our global community of resellers, Managed Service Providers (MSPs) and Managed Security Services Providers (MSSPs). This includes expanding their reach, enhancing operational scalability and providing stronger defences to the countless organizations that need the ability to effectively defend against today’s constant and complex cyberattacks.
“The market is embracing MDR as a clear means to deliver positive cybersecurity outcomes, and this has meant rapid growth in the category,” said Joe Levy, CEO, Sophos. “Sophos is differentiated by our very mature competencies in ransomware detection, malware analysis and threat actor tradecraft. These defences are further augmented by Sophos’ native artificial intelligence (AI), first innovated by our globally peer-recogniwed AI team nearly a decade ago, and embedded in our MDR, endpoint, network, email, and cloud security to more effectively neutralize and stop threats. With the integration of Secureworks, our expanded services and product portfolio will provide even stronger end-to-end security solutions that will include identity threat detection and response (ITDR), next-gen SIEM and managed risk, all in a single open platform. We will also be able to further advance our AI, threat intelligence and attack research through more diverse and deeper global telemetry that is analyst-tuned for the real world. At every level, we are very excited about this next accelerated chapter for Sophos.”
In the near term, Sophos and Secureworks are operating business as usual, working with our respective channel partners, MSPs and MSSPs worldwide to distribute our existing security services and technology. Both companies’ sales and customer experience groups will operate to support existing customers, assist with renewals and develop current and new business opportunities. Sophos protects more than 600,000 customers worldwide with its portfolio of MDR, endpoint, network, email, and cloud security solutions that integrate and adapt to provide real-time defence through the Sophos Central platform.
Under the terms of the agreement, Sophos acquired Secureworks in an all-cash transaction valued at approximately $859 million. Secureworks shareholders, including Dell Technologies, will receive $8.50 per share in cash. This represents a 28% premium to the unaffected 90-day volume-weighted average price (VWAP). Kirkland & Ellis LLP acted as legal counsel to Sophos, Goldman Sachs & Co. LLC., Barclays, BofA Securities, HSBC Securities (USA) Inc., and UBS Investment Bank acted as financial advisors and provided debt financing for the transaction. Piper Sandler & Company and Morgan Stanley & Co. LLC acted as financial advisors to Secureworks, and Paul, Weiss, Rifkind, Wharton & Garrison LLP acted as legal counsel.
Artificial Intelligence
DeepSeek Popularity Exploited in Latest PyPI Attack

The Supply Chain Security team at Positive Technologies’ Expert Security Center (PT ESC) discovered and neutralised a malicious campaign in the Python Package Index (PyPI) repository. This attack was aimed at developers, ML engineers, and anyone seeking to integrate DeepSeek into their projects.
The attacker’s account, created in June 2023, remained dormant until January 29, when the malicious packages deepseeek and deepseekai were registered. Once installed, these packages would register console commands. When these commands were executed, the packages began stealing sensitive user data, including information about their computers and environment variables often containing database credentials and access keys to various infrastructure resources. The attackers used Pipedream, a popular developer integration platform, as their command-and-control server to receive the stolen information.
Stanislav Rakovsky, Head of Supply Chain Security at PT ESC, explained, “Cybercriminals are always looking for the next big thing to exploit, and DeepSeek’s popularity made it a prime target. What’s particularly interesting is that the malicious code appears to have been generated with the help of an AI assistant, based on comments within the code itself. The malicious packages were uploaded to the popular repository on the evening of January 29.”
Given the heightened interest in DeepSeek, this attack could have resulted in numerous victims if the malicious activity had gone unnoticed for longer. Experts at Positive Technologies strongly recommend being more attentive to new and unknown packages.
Artificial Intelligence
SentinelOne to Spotlight AI-Driven Cybersecurity at LEAP 2025

SentinelOne has announced its participation at LEAP 2025, alongside its distributor, AlJammaz Technologies. The company will showcase its AI-powered cybersecurity solutions including advanced EDR, XDR, and ITDR solutions designed to deliver autonomous protection against evolving cyber threats.
SentinelOne’s solutions align with the Kingdom’s strategic priorities by offering proactive AI-driven protection for critical infrastructure, enterprises, and government entities. The company’s Singularity platform, known for its real-time, AI-driven threat detection, response, and prevention, will be at the centre of its presence at the exhibition. The platform enables enterprises to protect their endpoints, cloud environments, and identity layers, allowing them to innovate confidently amidst evolving cyber threats.
Speaking on their participation, Meriam ElOuazzani, Senior Regional Director, META at SentinelOne, said, “Cybersecurity remains central to progress with Saudi Vision 2030’s digital leadership and economic goals, and our solutions empower businesses to outpace evolving threats and fuel growth. By participating at LEAP, we aim to engage with key stakeholders in the tech ecosystem, explore new partnerships, and demonstrate how our solutions are reshaping workforce capabilities and the future of digital resilience.”
SentinelOne’s AI strategy focuses on delivering autonomous, real-time protection by leveraging machine learning and behavioural AI. This ensures businesses can detect, mitigate, and remediate cyberattacks faster and more effectively than traditional solutions. Senior executives from SentinelOne will be onsite at the AlJammaz Executive Lounge in Hall 1 to share insights on AI-driven security strategies and the future of autonomous cybersecurity. Visitors can also experience live demonstrations of the Singularity platform.
-
Artificial Intelligence1 week ago
DeepSeek Popularity Exploited in Latest PyPI Attack
-
Artificial Intelligence1 week ago
SentinelOne to Spotlight AI-Driven Cybersecurity at LEAP 2025
-
Cyber Security4 days ago
Employees Are the First Line of Defense
-
News6 days ago
Sophos Completes Secureworks Acquisition
-
Homeland Security1 week ago
Daimler Truck Focuses on Growth in the Defence Sector
-
Cyber Security4 days ago
Proactive Threat Intelligence Can Keep Threats at Bay
-
Cyber Security3 days ago
Cloud and IoT Vulnerabilities Expose Smart Cities and Industrial Systems to Cyber Risks
-
Cyber Security1 week ago
Tenable Plans to Acquire Vulcan Cyber