Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2022

Detecting Ransomware on Unmanaged Devices

“If a tree falls in a forest and no one is around to hear it, does it make a sound?” If an unmanaged device is infected with ransomware, will the security operations team receive an alert? Consider a contractor or employee who uses their personal laptop for work. If that device becomes infected with ransomware, not only does it pose a risk to the organization’s data and a risk to other devices within the organization, but the device is not centrally managed.

5 Quick Takeaways from the Verizon Mobile Security Index 2022

Netskope is proud to have again contributed data and insights to Verizon’s annual Mobile Security Index, one of the most influential reports in the industry for evaluating mobile security trends. This report is based on a survey of hundreds of professionals responsible for buying, managing, and securing mobile and IoT devices, making it highly relevant to cybersecurity decision makers who deal with the challenges of hybrid work. Here are some of the highlights.

AsyncRAT: Using Fully Undetected Downloader

AsyncRAT is an open-source remote administration tool released on GitHub in January 2019. It’s designed to remotely control computers via an encrypted connection, providing complete control via functionalities such as: Although the official GitHub repository contains a legal disclaimer, AsyncRAT is popularly used by attackers and even some APT groups. Netskope Threat Labs recently came across a FUD (Fully Undetected) batch script that downloads AsyncRAT from an Amazon S3 bucket.

Enhancing Security with AI/ML

Digital transformation has driven the rapid adoption of cloud-delivered services like SaaS/IaaS/PaaS in enterprises. This, in turn, has resulted in the migration of digital assets (aka data) from the confines of enterprise data centers to the cloud data centers that are not under the control of the enterprises. Additionally, the onset of the COVID-19 pandemic has resulted in remote work becoming the norm.

How Do We Secure Our Software Supply Chain?

The software supply chain is anything and everything that contributes to making software functional. This includes code in the developer system, the CI/CD pipeline, dependencies, binaries, and deployed software in production, as well as people, processes, and the technology space. With the growing adoption of assembling software from distributed, unmanaged components rather than building it from scratch, more often than not, organizations are not aware of whose, or what, code is running within their software.

User Experience Matters: Ending the Tug of War Between Security and Performance

Security leaders often question why performance matters. In this blog, we will discuss the “tug of war” that exists between implementing robust security controls and delivering a superior user experience as we spotlight the findings from a new white paper from industry analyst IDC, and highlight why the design of the Netskope NewEdge infrastructure is so important to how we approach these challenges.

Observations and Hot Topics from Black Hat USA 2022 and DEF CON 30

Now that Black Hat USA 2022 and DEF CON 30 are over, it is time to reflect on the security industry event nicknamed “Summer Camp” and the week that was in Las Vegas. We had a number of Netskopers from across different teams on the ground, attending the conferences in person. As with any large conference, there were likely many folks who weren’t able to make it out to Las Vegas this year for myriad reasons.

3 Common Security Misconceptions

In the past, cybersecurity has often been seen as disconnected from the rest of the IT team, as well as from an enterprise’s core business activities. Security professionals in some organisations have been left to operate in their own organisational structures, defining and enforcing policies with little interaction with other departments.

Addressing Insider Risk with Netskope Intelligent SSE

We’d like to think of our coworkers as trusted team members, collaborating on a shared mission to make positive contributions to the well being of the company. For the most part, this is true, but we must also recognize that our coworkers are individuals who may conduct themselves in ways that are detrimental to the company.

AV-TEST Results Show Netskope Threat Protection Efficacy

We measure and test things that are important in our lives, from credit scores to blood pressure. For cybersecurity, testing threat protection defenses is an expected benchmark. Netskope recently completed a set of anti-malware tests with AV-TEST, an independent anti-malware testing lab based in Germany with one of the world’s largest databases of malware samples. Every second, AV-TEST discovers four to five new malware variants.

Abusing Google Sites and Microsoft Azure for Crypto Phishing

Throughout 2022, Netskope Threat Labs found that attackers have been creating phishing pages in Google Sites and Microsoft Azure Web App to steal cryptocurrency wallets and accounts from Coinbase, MetaMask, Kraken, and Gemini. These phishing pages are linked from the comment sections of other websites, where the attacker adds multiple links to the phishing pages, likely to boost SEO and drive victims directly to these pages.

The Importance of a Machine Learning-Based Source Code Classifier

This is the fifth in a series of articles focused on AI/ML. Source code is a critical part of an organization’s intellectual property and digital assets. As more and more centralized source code repositories are moving to the cloud, it is imperative for organizations to use the right security tools to safeguard their source code.

Why the Right Architecture is the Cornerstone of Cloud Security

Alan Hannan is a member of the Netskope Network Visionaries advisory group. The cloud often seems like a black box for many corporate networking and security professionals. They have expertise in optimizing their internal network. Still, once they offload their traffic to the cloud, they figure they’re handing off optimization to the software-as-a-service (SaaS) provider.

App Instance Dashboard Overview

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity.

Pivots


Ousaban: LATAM Banking Malware Abusing Cloud Services

Ousaban (a.k.a. Javali) is a banking malware that emerged between 2017 and 2018, with the primary goal of stealing sensitive data from financial institutions in Brazil. This malware is developed in Delphi and it comes from a stream of LATAM banking trojans sourced from Brazil, sharing similarities with other families like Guildma, Casbaneiro, and Grandoreiro.

An Inside Look at How to Keep Open Source Software Dependencies Up-to-Date and Secure

Today, open source software provides the foundation for the vast majority of applications across all industries, and software development has slowly moved toward software assembling. Because of this change in the way we deliver the software, new attack surfaces have evolved and software security is facing new challenges inherent with dependency on open source software.

Introducing Netskope Borderless WAN

Security transformation doesn’t succeed without network transformation. The two go hand-in-hand when it comes to building the secure access service edge (SASE) architecture of the future, and if security degrades the network experience, or the network experience bypasses security, each of those trade-offs introduces more risk to the enterprise—it doesn’t have to be that way.

4 Benefits CIOs Ought to Know About SSE

As a CIO it is very easy to get “new-acronym-deafness.” New innovations need new words and name-tags to identify them, and while analysts work hard to provide benchmarks and standardised definitions, it can be hard to keep up. At Netskope we know how confusing it can get, because sitting at the vanguard of emerging categories means we have had to do our fair share of explainers and re-labelling over recent years.