Ransomware attacks are on the rise. Many organizations have fallen victim to ransomware attacks. While there are different forms of ransomware, it typically involves the attacker breaching an organization’s network, encrypting a large amount of the organization’s files, which usually contain sensitive information, exfiltrating the encrypted files, and demanding a ransom.
Continuing our ongoing series of expert predictions, the following come from Netskope Threat Labs, including what we see on the horizon for software supply chain, phishing, and ransomware.
What a few weeks it has been for Twitter, from the sacking of half its workforce, and the rushed release of a new feature that allows impersonation of people and brands, through to the unintentional lock out of some users with a certain multi-factor authentication (MFA) configuration enabled. Added to this, we have also seen major resignations of key individuals across the Information Security, Privacy and Compliance groups.
Following my recent AISA session about security transformation in October, I am digging further into the value that can come from both security and digital transformation, applying security service edge capabilities and zero trust principles as part of the broader digital transformation strategy.. In the first part of this three-part blog series, I am going to take a look at how an understanding of digital strategy and digital risk are foundational to a modern security transformation journey.
In October 2022, a novel ransomware named Prestige was found targeting logistics and transportation sectors in Ukraine and Poland. According to Microsoft, victims affected by Prestige overlap with previous victims targeted by HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware within an hour between all victims, abusing highly privileged domain credentials to deploy the payload.
As the new year draws closer, we’ve asked our experts here at Netskope to see what they have on their radar for 2023. Similar to years past, we’ve broken these predictions out into “Long Shots,” more out-there predictions we think could potentially happen in the next year, and “Trending Topics,” predictions around topics you may have seen discussed a bit this year but digging into how we expect them to evolve. Here’s what our experts see for 2023.
Netskope Threat Labs recently discovered a phishing campaign that is abusing Adobe Acrobat to host a Microsoft Office phishing page. While abusing free cloud services to host malicious content is a popular attack technique, this is the first time we have seen Adobe Acrobat used to deliver malicious content. The attack starts with a phishing email that lures the user into opening a PDF file that redirects them to an Adobe Acrobat URL.
Phishing is one of the most common online security threats. A phishing website tries to mimic a legitimate page in order to obtain sensitive data such as usernames, passwords, or financial and health-related information from potential victims. Machine learning (ML) algorithms have been used to detect phishing websites, as a complementary approach to signature matching and heuristics.
Last week Netskope was awarded the “Cloud Services Vendor Of The Year” trophy at the UK’s CRN Awards. It is the second award we have won for our efforts in the UK channel this year – earlier in the summer we took home CRN’s “Technology Innovation” gong as well.
Netskope Threat Labs spotted a new crypto-phishing attack that aims to steal sensitive data from crypto wallets, including private keys and security recovery phrases, disguising itself as a service to revoke stolen ERC (Ethereum Request for Comments) assets. The page was created and hosted with Netlify, which is a free cloud service to create websites and apps.
