Netskope has just published the Monthly Threat Report for February, with this month’s report focused on what is going on in Europe. I don’t intend to summarise the report in this blog, instead I want to zoom in and study a continuing trend that was highlighted in there; one that is unfortunately heading in the wrong direction.

The widespread adoption of cloud transformation and hybrid work are increasing the attack surface while attacks get increasingly sophisticated. Attacks targeting cloud infrastructure and email-borne threats have soared to unprecedented levels, making it critical for organizations to protect sensitive data regardless of where it may be stored.

February 24, 2023 marks one year since Russia invaded Ukraine, starting a conflict that has killed more than 8,000, injured more than 13,300, and displaced more than 14 million people in the past year, according to the UN. Physical warfare between Ukraine and Russia has been accompanied by cyberwarfare between the two countries. This blog post focuses on cyberwar, particularly what we can learn from the past year.

Starting with January 2023, Netskope Threat Labs will publish a monthly summary blog post of the top threats we are tracking on the Netskope Security Cloud platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

The underground economy of the initial access brokers (IABs) is more flourishing than ever. At least this is one of the conclusions of the recent report “Hi-Tech Crime Trends 2022/2023” released by Group-IB. Initial access brokers exploit vulnerabilities or misconfigurations to get hold of valid access credentials (typically VPN or RDP) and outsource or sell them to criminal gangs, including ransomware operators.

This year’s Okta Business at Work annual report highlights growth, despite national headlines with concerns about a recession and economic contraction. Given Okta’s role as a leading identity service provider, the growth theme is good news for stronger authentication and protection against access compromise, phishing, and ransomware.

I recently attended the LEAP tech event in Saudi Arabia, and it was clear walking the trade show floor that 5G is hitting critical mass. Lightning-fast network connections are now rolling into cities across Saudi Arabia and the wider world, and while it’s true that some countries are further into the rollout of 5G than others, all the network providers and consultancies last week were showcasing wide-ranging use cases of 5G.

As digital transformation continues to blossom and cloud adoption increases, we continue to see challenges crop up when it comes to traditional DLP solutions. Setting aside the architectural and operational complexity and high cost that comes with traditional DLP, practitioners recognize that existing tools aren’t able to keep up.

Late in January this year, the UK’s National Cyber Security Centre announced an update to its Cyber Essentials scheme in order to ensure it “continues to help UK organisations guard against the most common cyber threats”. This year’s update isn’t an overhaul on the same scale as last year’s, but it did include important new guidance about zero trust architectures.

The advent of cloud applications led to a new generation of phishing attacks (named OAuth phishing or consent phishing) where, rather than stealing the user credentials, threat actors aim to obtain an authorization token via a rogue cloud app that allows them to perform harmful activities on the victim’s cloud environment.