Netskope has recently released two exciting enhancements to our Advanced UEBA product. The enhancements are: Together, these two new features streamline operationalization of Advanced UEBA by providing operators alerts when it identifies users exhibiting risky behavior and an at-a-glance summary of the risky activity observed for each user.

As happens every year, Netskopers from across different teams attended the Black Hat USA, BSides, and DEFCON conferences, each coming away with their own take on what was new and exciting. With “Summer Camp” now behind us, we checked in with those folks who attended to share some of what they saw on the floor and what exciting topics stuck out most to them. Here’s what they had to say.

Zoom is firmly a part of everyday work. The modern workspace is no longer a corporate office—it’s anywhere an employee accesses corporate data and applications. With the widespread adoption of hybrid work, there has been a hard shift towards communication platforms like Zoom that allow you to connect, share ideas, and get projects done together in real time, regardless of your physical location.

From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps. The attacks have been targeting victims mainly in North America and Asia, across different segments, led by the technology, financial services, and banking sectors.

Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

State-sponsored threat actors continue to exploit legitimate cloud services, and especially one group, the Russian APT29 (also known as Cozy Bear, Cloaked Ursa, BlueBravo, Midnight Blizzard, and formerly Nobelium), seems to be particularly active. Between March and May 2023, security researchers at Recorded Future’s Insikt Group have unearthed a cyber espionage campaign by the same threat actor allegedly targeting government-sector entities in Europe with interest in Ukraine.

In the modern, cloud-first era, traditional data protection technology approaches struggle to keep up. Data is rapidly growing in volume, variety, and velocity. It is becoming more and more unstructured, and therefore, harder to detect, and consequently, to protect.

Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.

Should we be using multiple public cloud providers? As organizations continue to migrate applications and workloads to public cloud platforms, they often face the tough decision of sticking with a single provider or embracing multiple clouds. Using multiple cloud providers promises a variety of benefits including the ability to minimize vendor lock-in, leverage best-of-breed services, achieve cost advantages, and comply with data sovereignty rules.

Microsoft disclosed a zero-day vulnerability impacting Office and Windows on July’s Patch Tuesday. This vulnerability has an “important” severity level, and can allow attackers to perform remote code execution with the same privileges as the target. As of this writing, there is no patch available to mitigate the vulnerability, but Microsoft has provided mitigation steps.