Latest Posts

Netskope Threat Coverage: LockBit's Ransomware Builder Leaked

LockBit (a.k.a. ABCD) emerged in September 2019 and became one of the most relevant RaaS (Ransomware-as-a-Service) groups among others like REvil, BlackMatter, Night Sky, Maze, Conti and Netwalker. The group targets many organizations around the world with a double-extortion scheme, where the attackers steal sensitive data and threaten to leak everything if the ransom is not paid.

Understanding Cyber Threat Intelligence

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu. The above quote by Sun Tzu summarizes cyber threat intelligence (CTI) perfectly.

Strategies for Addressing Burnout in Cybersecurity

Most organizations—across almost every industry—have been forced to implement extensive digital components to their everyday operations so they can function efficiently. With this shift, cybersecurity awareness is permeating every business department and as malicious activity skyrockets, the role of security teams is becoming even more prominent across business functions.

The Security Risks of "Registration Fatigue" When Onboarding New Employees

Cloud applications play a crucial role in our personal and professional activities. Every day, without even thinking about it, we access dozens of cloud apps, where we store all kinds of data from financial information to family pictures. Netskope has coined the phrase “Cloud Data Sprawl” for this trend, and a few simple numbers summarise its extent.

Attackers Continue to Abuse Google Sites and Microsoft Azure to Host Cryptocurrency Phishing

On August 9, 2022, we released a blog post about a phishing campaign where attackers were abusing Google Sites and Microsoft Azure Web Apps to steal cryptocurrency wallets and accounts from different targets, namely Coinbase, MetaMask, Kraken, and Gemini. The attackers were abusing SEO techniques to spread the pages and using advanced techniques to steal data, such as using live chats to interact with victims.

Simplify and Scale Zero Trust Integrations with Netskope and CrowdStrike

We’ve seen major shifts in the digital landscape that have far-reaching implications for organizations around the world. These include the widespread adoption of hybrid work, the accelerated migration from on-premise to cloud resources, and the exponential increase of data in the cloud.

Highlighting New Advanced Security Capabilities for Netskope Cloud Firewall

One of the benefits of a secure access service edge (SASE) framework is that organizations can dramatically simplify the implementation of security services without having to go through constant network redesigns and appliance operating system updates.

Cloud Threats Memo: Lampion Exploiting WeTransfer to Deliver Malware

Lampion is a banking trojan with a particular predisposition to targeting Portuguese-speaking users (and exploiting cloud services). First documented in December 2019, the malware has gone through multiple releases, characterized by a number of different mechanisms to deliver the initial VBS (Visual Basic Script Loader). All the different variants have one element in common: the malware is distributed by abusing legitimate cloud services throughout different stages of the attack chain.

Why Geopolitics is Every Business Leader's Job

If 2022 is teaching us anything, it’s that no organisation is an island. A better analogy, if I can be a little poetic, is perhaps that we are ships, buffeted by winds, riding rising and receding tides and trying to chart a course to calmer waters. We can build strong ships, but the ocean is out of our control. This lesson has been served to us in the form of global disruption on a scale that is so far out of our control that it can leave us feeling powerless.

Set, Triage, and Improve: Strategies for Tuning Out False Positives

As a security analyst in a growing company, it is often easy to get into the “set it and forget it” mentality. You create one alert after another. Then another. And another. With each alert comes a certain amount of work for an analyst. Analyst time costs money, and some alerts consume more time than others. If most of the alerts result in false positives, a large amount of resources is being spent unnecessarily.