Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.
With 2024 on the horizon, we have once again reached out to our deep bench of experts here at Netskope to ask them to do their best crystal ball gazing and give us a heads up on the trends and themes that they expect to see emerging in the new year. We’ve broken their predictions out into four categories: AI, Geopolitics, Corporate Governance, and Skills. Here’s what our experts think is in store for 2024.
In the digital age, human interactions have been slowly replaced with online substitutions. We’re so used to depending on computers to perform tasks on our behalf that attackers are increasingly exploiting this trust mechanism for malicious gain. We are living in an age of unprecedented connectivity and convenience. Our daily lives are entwined with technology, from online shopping to managing our finances, to discussing key documents and answering queries in the workplace.
It’s been a long journey toward securing and optimizing the enterprise branch, from the days of rigid MPLS networks to the agile era of SD-WAN. Now comes the next stage of that journey: Secure access service edge (SASE), which, when architected correctly, converges the most important network and security capabilities into a single cloud-delivered service. Before we talk about how, though, let’s examine why SASE’s moment is now.
In the ever-evolving landscape of cybersecurity, the concept of a ”single pane of glass” has long been the Holy Grail for many organisations. The idea is simple: consolidate all your cybersecurity tools and data onto a single dashboard for improved visibility and control.
In the past month, the Netskope Threat Labs team observed a considerable increase of SharePoint usage to deliver malware caused by an attack campaign abusing Microsoft Teams and SharePoint to deliver a malware named DarkGate. DarkGate (also known as MehCrypter) is a malware that was first reported by enSilo (now Fortinet) in 2018 and has been used in multiple campaigns in the past months.
As Cybersecurity Awareness Month 2023 draws to a close, we wanted to highlight some tips to keep in mind for the rest of the year, and beyond. In case you’ve missed it, we’ve been running a series of videos on our LinkedIn page throughout the month of October highlighting tips from members of our internal security team on topics like password sharing, keeping personal identifiable information safe, and maintaining good cyber hygiene.
DarkGate Loader is a commodity malware loader with multiple features including the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. Its distribution mechanism also makes use of legitimate AutoIt files to inject the malicious payload.
In August 2023, Netskope Threat Labs highlighted an increase in downloads of PDF phishing attachments in Microsoft Live Outlook, caused by a series of phishing campaigns targeting users of the email service. We took a closer look and found that these campaigns are mostly Amazon-themed scams with a few Apple and IRS-themed phishing attempts sprinkled throughout. Just like in our previously reported phishing blog posts, attackers are abusing free services in these campaigns.
In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed “Menorah.” The malware was attributed to an advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets users of outdated versions of Microsoft Office, since it does not attempt to bypass the mark of the web security check.
