Threat actors exploiting cloud services are keeping me very busy in these final days of this troubled 2022. The main character of this Cloud Threats Memo is MuddyWater (also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros), one of the most prolific cyber espionage groups, active since at least 2017, and believed to be a subordinate element within Iran’s Ministry of Intelligence and Security (MOIS).

In order to enable and sustain an effective and secure hybrid work environment, enterprises need security that can deliver protection anywhere, stop modern threats, ensure compliance, and maintain consistent policies across both on-premise and remote locations.

Starting January 1, 2023, Netskope will offer customers Cloud Exchange (CE), its industry leading integration platform, as a managed service. This managed service will enable a much larger customer base to benefit from CE, including customers lacking in-house resources or preferring to consume CE as a managed service.

If I asked you what the common ways to exploit a cloud app for malicious purposes are, I bet your answer would probably be either to use it to distribute malicious content (such as malware or phishing pages), or to host the command and control (C2) infrastructure. In reality another frequent technique is the dead drop resolver, where a legitimate service is abused by threat actors to host the information related to the C2 infrastructure rather than the C2 infrastructure itself.

In 2001, NIST (the US National Institute of Standards and Technology) announced Advanced Encryption Standard (AES), a new encryption standard, designed to help organisations enhance protections against brute force attacks. The previous Data Encryption Standard (DES) had become vulnerable, with processing power growing, and the Electronic Frontier Foundation (EFF) had proved that DES encryption could be broken in less than 24 hours, therefore a new encryption standard was required.

In the first part of this blog series, I took a look at how an understanding of digital strategy and digital risk is key to starting a security transformation journey. In this post, I am digging further into how a secure access service edge (SASE) architecture with security service edge (SSE) capabilities and zero trust principles can help mitigate the types of digital risk I outlined in part one.

Another day, another legitimate cloud service exploited for a cyber espionage campaign… Researchers at ESET recently discovered Dolphin, a previously unreported backdoor used by the North-Korean threat actor APT37 (AKA ScarCruft and Reaper) against selected targets. The backdoor, deployed after the initial compromise using less sophisticated malware, was observed for the first time in early 2021, during a watering-hole attack on a South Korean online newspaper.

Sometimes in the comms team here at Netskope I hear fantastic tales that are not yet approved for public consumption. The frustration is very real when I hear of a creative customer implementation that cannot yet be told to the wider world. But today I have contrived a clever way to be able to share one of these stories with a veil of anonymity, ahead of a bigger effort to craft a case study for full public consumption.

Recently, Orange Business Services, Orange Cyberdefense, and Netskope announced a global partnership to deliver a fully integrated secure access service edge (SASE) solution on the Orange network. The partnership includes the deployment of Netskope data planes inside the Orange network to provide a full stack of security service edge (SSE) services that will be available from both the New Edge network and Orange’s world-class connectivity services.

SaaS apps have become the “easy button” for organizations seeking a fast and simple way to make foundational business apps available to their employees. According to Gartner, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022,” growing 14% over 2021.