Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2023

The Power of Integrating Secureworks and Netskope

I have been watching Secureworks for a long time—ever since Dell bought the company back in February of 2011. The company’s reputation as a leader in managed security services was well-known, and this purchase represented one of the first big bets by Dell in the cybersecurity space. Secureworks could analyze and remediate the ever-evolving threat landscape for Dell customers.

Doing More With Less: Security Integration and Automation within the Financial Sector

With many financial institutions continuing to feel an impact from The Great Resignation, and seeing tighter budgets across the board in 2023, security leaders are being asked to do more with less. So far in 2023, many organizations are hesitant to hire additional staff or even backfill open positions—forcing many security leaders to make do with fewer people than in the past.

Is SASE a Logical Step in Your NaaS Plans?

The last decade has seen a notable step in the evolution of network security and operations as companies move to a Software Defined Network (SDN) model, centralising control of switches, routers, VPN concentrators, load balancers and SD-WAN devices. This simplifies the management and operation of the network, driving down operational costs and reducing risk through better patch and update management.

CVE-2023-21716: Microsoft Word RCE Vulnerability

In the February 2023 Patch Tuesday, Microsoft fixed a remote code execution vulnerability in Microsoft Word, tracked as CVE-2023-21716. The vulnerability is critical, having a CVSS score of 9.8 out of 10, and could allow an attacker to execute code with the same privileges as the victim through rich text format (RTF) documents.

Netskope Modern DLP

"Netskope Modern DLP" sounds good. Description: Hybrid work and the upsurge in cloud adoption demand an updated approach to data protection, one that ensures your sensitive data stays protected anywhere it goes with high precision. Netskope modern data loss prevention (DLP) provides the highest degree of data protection efficacy, powered by machine learning, and is delivered from the cloud across all cloud services, all business communications and everywhere your users are.

Emotet Comeback: New Campaign Using Binary Padding to Evade Detection

Emotet is undoubtedly a very resilient botnet. Even though its operation was disrupted by Europol in January 2021, Emotet came back a few months later and continues to spread. In May 2022, shortly after Microsoft released new controls related to malicious macros, Netskope Threat Labs analyzed an Emotet campaign where they were testing a new delivery method, by using LNK files.

CVE-2023-23397: Microsoft Outlook Zero-Day Exploited by APT28

A now fixed zero-day elevation of privilege (EoP) vulnerability in Microsoft Outlook (CVE-2023-23397) allows attackers to send craft emails to exploit Outlook. The vulnerability does not require user interaction to be exploited and runs even before the email is visualized in the preview pane of Outlook, which makes this vulnerability even more dangerous.

Leverage IP and CIDR IOBs with SecLytics Cloud Threat Exchange Plugin

The Netskope Security team is happy to announce the official release of our newest Cloud Threat Exchange plugin built in-house, which now allows users to pull threat data discovered by SecLytics. This integration leverages the SecLytics Bulk API to allow users to pull identified URL, IP, and CIDR block indicators of behavior (IoBs) into Cloud Exchange.

Netskope Threat Coverage: BlackSnake Ransomware

BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable for having a clipper module that targets cryptocurrency users.

Understanding Data Protection Needs in a Cloud-enabled Hybrid Work World

Today, Netskope partnered with the Cloud Security Alliance to release the Data Loss Prevention (DLP) and Data Security Survey Report, a survey focused on data protection needs in cloud and hybrid work environments. Unsurprisingly, the report found that the biggest pain point organizations identify with trying to modernize their data protection strategy is that current DLP deployments show limitations when it comes to cloud and remote work use cases, and they are a nightmare to manage.

What Can Formula 1 Teach Us About Balancing Regulation and Innovation?

Innovation and regulation are two important factors that have a significant impact on the growth of any industry, including information security. The question of whether regulation inhibits or inspires innovation is a contentious one, and there are compelling arguments on both sides.

Cloud Threats Memo: Cyber Espionage Campaign Using Remote Access Tools

Another day, another cyber espionage campaign exploiting two legitimate and well-known cloud services to deliver the malicious payload. Once again, this campaign was unearthed by researchers at Sentinel One, and it is aimed to distribute the Remcos Remote Access Tool (yet another example of a remote control tool used for malicious purposes) through the DBatLoader to target predominantly organizations in Eastern Europe.

Realizing the True Power of Netskope Cloud Exchange

When I talk to customers and partners about Cloud Threat Exchange (CTE), I immediately say, “I’m not in marketing, and didn’t see the future—so I misnamed the module. I should have named it Cloud Data Exchange.” Why do I say this? Because, as Netskope and Cloud Exchange have matured, the number of use cases the module can fulfill has naturally grown beyond the initial vision. How so?

Attackers Increasingly Abusing DigitalOcean to Host Scams and Phishing

Netskope Threat Labs is tracking a 17x increase in traffic to malicious web pages hosted on DigitalOcean in the last six months. This increase is attributed to new campaigns of a known tech support scam that mimics Windows Defender and tries to deceive users into believing that their computer is infected.

Cloud Threats Memo: Multiple Different Cloud Apps Abused in a Single Cyber Espionage Campaign

Threat actors continue to exploit cloud services for cyber espionage, and a new campaign by a threat cluster named WIP26, discovered recently by researchers at Sentinel One in collaboration with QGroup, targeting telecommunication providers in the Middle East, confirms this trend.