Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2022

How Graph-powered SSPM Adds the Right Context

SaaS apps have become the “easy button” for organizations seeking a fast and simple way to make foundational business apps available to their employees. According to Gartner, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022,” growing 14% over 2021.

Cloud Threats Memo: Yet Another Cyber Espionage Campaign Exploiting Cloud Services

In the latest example of a cloud service being exploited for cyber espionage, researchers from Trend Micro have shed light on a campaign, conducted between March and October 2022, targeting government, academic, foundations, and research sectors of multiple countries including Myanmar, Australia, the Philippines, Japan, and Taiwan.

Test Drive Netskope Private Access: A Modern ZTNA Solution

We are pleased to announce that Netskope Private Access (NPA) is now available to test drive, meaning you can experience a truly modern zero trust network access (ZTNA) solution firsthand with no commitment and no software to download or install. Selecting and implementing the right ZTNA solution is a crucial part of the SASE journey, and our goal is to make your process of evaluating Netskope Private Access as easy as possible.

Digital Strategies For A Fast Approaching Future

The future is arriving faster than you think. By 2030, fully automated vehicles are expected to account for 12% of global vehicle sales—a number that hikes to 20% for new vehicle sales in China. Tomorrow, 1st December, the first electric, semi-autonomous lorries with a range of 500 miles roll off the Tesla production line – headed to Pepsi.

Detecting Ransomware Using Machine Learning

Ransomware attacks are on the rise. Many organizations have fallen victim to ransomware attacks. While there are different forms of ransomware, it typically involves the attacker breaching an organization’s network, encrypting a large amount of the organization’s files, which usually contain sensitive information, exfiltrating the encrypted files, and demanding a ransom.

What Does The Twitter Chaos Tell Us About The Security Of Our Data?

What a few weeks it has been for Twitter, from the sacking of half its workforce, and the rushed release of a new feature that allows impersonation of people and brands, through to the unintentional lock out of some users with a certain multi-factor authentication (MFA) configuration enabled. Added to this, we have also seen major resignations of key individuals across the Information Security, Privacy and Compliance groups.

Framing the Modern Conversation Around Digital Transformation and Digital Risk

Following my recent AISA session about security transformation in October, I am digging further into the value that can come from both security and digital transformation, applying security service edge capabilities and zero trust principles as part of the broader digital transformation strategy.. In the first part of this three-part blog series, I am going to take a look at how an understanding of digital strategy and digital risk are foundational to a modern security transformation journey.

Netskope Threat Coverage: Prestige Ransomware

In October 2022, a novel ransomware named Prestige was found targeting logistics and transportation sectors in Ukraine and Poland. According to Microsoft, victims affected by Prestige overlap with previous victims targeted by HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware within an hour between all victims, abusing highly privileged domain credentials to deploy the payload.

What We See for 2023-Predictions for Cloud Security & Beyond

As the new year draws closer, we’ve asked our experts here at Netskope to see what they have on their radar for 2023. Similar to years past, we’ve broken these predictions out into “Long Shots,” more out-there predictions we think could potentially happen in the next year, and “Trending Topics,” predictions around topics you may have seen discussed a bit this year but digging into how we expect them to evolve. Here’s what our experts see for 2023.

Cloud Abuse: New Technique Using Adobe Acrobat to Host Phishing

Netskope Threat Labs recently discovered a phishing campaign that is abusing Adobe Acrobat to host a Microsoft Office phishing page. While abusing free cloud services to host malicious content is a popular attack technique, this is the first time we have seen Adobe Acrobat used to deliver malicious content. The attack starts with a phishing email that lures the user into opening a PDF file that redirects them to an Adobe Acrobat URL.

Deep Learning for Phishing Website Detection

Phishing is one of the most common online security threats. A phishing website tries to mimic a legitimate page in order to obtain sensitive data such as usernames, passwords, or financial and health-related information from potential victims. Machine learning (ML) algorithms have been used to detect phishing websites, as a complementary approach to signature matching and heuristics.

New Phishing Technique Targeting Over 20 Crypto Wallets

Netskope Threat Labs spotted a new crypto-phishing attack that aims to steal sensitive data from crypto wallets, including private keys and security recovery phrases, disguising itself as a service to revoke stolen ERC (Ethereum Request for Comments) assets. The page was created and hosted with Netlify, which is a free cloud service to create websites and apps.

BlackCat Ransomware: Tactics and Techniques From a Targeted Attack

BlackCat (a.k.a. ALPHV and Noberus) is a Ransomware-as-a-Service (RaaS) group that emerged in November 2021, making headlines for being a sophisticated ransomware written in Rust. It has both Windows and Linux variants and the payload can be customized to adapt to the attacker’s needs. BlackCat is also believed to be the successor of the Darkside and BlackMatter ransomware groups.

The Key Mechanics of Building a Good Security Business Case

As we enter the thick of budget season, especially in a time where budgets are expected to start tightening, security and IT leaders need to anticipate the discussions they are going to have with executive leaders. This means proactively preparing a formal business case for the security program to ensure funding for upcoming projects.

Remember, Remember: What Guy Fawkes and the Gunpowder Plot Can Teach Us About Modern Cyber Attacks

10 years ago I moved to the UK and made it my home, and I love living here. I like Marmite, debates over whether the evening meal is dinner, tea, or supper, the constant requirement to remark upon the weather… and the many bizarre traditions. One of these bizarre traditions is Bonfire Night, celebrated on 5th November each year to commemorate the Gunpowder Plot when a bunch of conspirators (including a man called Guy Fawkes) tried to blow up Parliament and King James.

Cloud Threats Memo: Exploiting Google Forms for Phishing Campaigns

A recent campaign, unearthed by researchers at INKY, is the latest example of exploitation of a legitimate cloud service. The campaign impersonates the U.S. Small Business Administration (SBA), targeting small businesses that are unaware of the fact that the SBA recently stopped accepting applications for COVID-19 relief loans or grants. The element that makes this campaign stand out from the others is the exploitation of a well-known and familiar cloud service to host the phishing page: Google Forms.

Netskope and Okta: Coming Together for Continuous Adaptive Trust

The problem of securing the modern workforce goes beyond occasional spats between IT and security. The real problems we see are user credentials under constant attack, alongside attempts to harvest and exploit enterprise data. Plus the cloud resources that workforces need are tough to secure, especially when deployed outside of IT-led processes. In light of these issues, corporations need a way to securely provide always-on cloud access for users while safeguarding enterprise data anywhere it goes.

Cybersecurity Awareness Month: Adding Threat to Vulnerability Management

Vulnerability management can be more than just running scans and sorting by Common Vulnerability Scoring System scores! Take your program to the next level by adding a threat-based approach to vulnerability management by combining the hacker mindset with cyber threat intelligence. With so many vulnerabilities published daily, having a team knowledgeable with the latest threats can help IT teams quickly identify assets that require expedited remediation.

Cybersecurity Awareness Month: Recognizing Phishing and Using Multi-factor Authentication

Phishing is a well known threat that users are constantly being warned about, but as we are in Cybersercurity Awarenss Month though, some may still be wondering what exactly phishing is and how to prevent it. In this blog, I am going to dig into how you can recognize phishing and how enabling multi-factor authentication can help keep you safe.