Netskope Threat Labs Stats for February 2024
Netskope » Threat Research Labs
by Leandro Fróes
1d ago
Netskope Threat Labs publishes a monthly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary OneDrive and GitHub were on the top of the list of top cloud apps used for malware downloads, showing a very strong preference from adversaries and the return of GitHub to the top three. Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware. In February, 49% of all malware downloads originated from a record-setting 215 dis ..read more
From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites
Netskope » Threat Research Labs
by Jan Michael Alcantara
1w ago
Summary Netskope Threat Labs has observed an evasive Azorult campaign in the wild that employs multiple defense evasion techniques from delivery through execution to fly under the defender’s radar as it steals sensitive data. Azorult is an information stealer first discovered in 2016 that steals sensitive information including user credentials, browser information, and crypto wallet data. Azorult is on the rise and is currently one of the top malware families that Netskope Threat Labs has observed targeting the healthcare industry over the last year. In this blog post, Netskope Threat Labs per ..read more
Cloud Threats Memo: Google Drive Abused to Target Organizations in Asian Countries
Netskope » Threat Research Labs
by Paolo Passeri
3w ago
The latest example of an advanced persistent threat exploiting a legitimate cloud service to deliver a malicious payload was recently unearthed by researchers at Trend Micro. As a follow-up to a campaign targeting several European countries, discovered in July 2023 and attributed to the APT Earth Preta (also known as Mustang Panda and Bronze President), the researchers have discovered a new cluster of activities, which took place in 2022 and 2023, targeting several countries in Asia, including Taiwan, Vietnam, and Malaysia. The main characteristic of this campaign is the ..read more
Netskope Threat Labs Stats for January 2024
Netskope » Threat Research Labs
by Leandro Fróes
1M ago
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary OneDrive and SharePoint were again in the top of the list of top cloud apps used for malware downloads, showing a very strong preference from adversaries. Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, with 49% of all malware downloads in January originating from 178 cloud apps. A wide variety of malware fam ..read more
Cloud Threats Memo: Back to the Basics: New DarkGate Campaign Exploiting Microsoft Teams
Netskope » Threat Research Labs
by Paolo Passeri
1M ago
DarkGate is a commodity malware with multiple features including the ability to download and execute files to memory, a hidden virtual network computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. This malware has been delivered in multiple campaigns over the past few months since at least September 2023, and one of the common characteristics of these campaigns has been the continual exploitation of legitimate cloud services, such as Microsoft Teams, Skype, Google Drive, or Dropbox, to deliver the malicious payload. However, it looks like the threat ..read more
Rising Threats: Social Engineering Tactics in the Cloud Age
Netskope » Threat Research Labs
by Ray Canzanese
2M ago
Over the past year, the social engineering tactics used for cyber attacks have evolved significantly as attackers manipulate the inherent trust, biases, and vulnerabilities of individual human behavior to gain unauthorized access to sensitive information or systems. Our “year in review” Cloud and Threat Report revealed that in 2023, social engineering was the most common way attackers gained initial access to organizations. Social engineering-led attacks place an organization’s employees in a crucial role, essentially manipulating them into opening the door for the attacker to walk thr ..read more
Threat Actors Distributing Screenshotter Malware from OneDrive
Netskope » Threat Research Labs
by Paolo Passeri
2M ago
According to the data collected by Netskope Threat Labs, over the course of 2023, OneDrive was the most exploited cloud app in terms of malware downloads. And if a good day starts in the morning, 2024 does not promise anything good. In fact, at the beginning of January, and after a nine-month break, researchers from Proofpoint detected a new financially motivated campaign by TA866, a threat actor characterized by its involvement in activities related to both cybercrime and cyberespionage. In their latest campaign, the threat actors flooded targets in North America with several thousands of em ..read more
Netskope Threat Labs Stats for December 2023
Netskope » Threat Research Labs
by Leandro Fróes
2M ago
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary A high number of Sliver framework payloads were found in the month of December. Sliver is a highly customizable C2 Framework used by red teamers, pen testers, and threat actors. The payload is usually used as a post-exploitation tool and gives full control of the machine to the attacker. Attackers continue to attempt to fly under the radar ..read more
A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government
Netskope » Threat Research Labs
by Ghanashyam Satpathy
3M ago
Summary Threat actors often employ stealthy attack techniques to elude detection and stay under the defender’s radar. One way they do so is by using uncommon programming languages to develop malware. Using an uncommon programming language to develop malware provides several benefits, including:
- Evading some signature-based detections
- Impeding analysis by malware analysts who are unfamiliar with the language
- Limited community detection and published analysis
Netskope recently analyzed a malicious backdoor written in Nim, which is a relatively new programming language. Netskope Threat Labs ha ..read more
Netskope Threat Labs Stats for November 2023
Netskope » Threat Research Labs
by Leandro Fróes
3M ago
Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide. Summary After some time out of the first place, PDF file types returned as the most common file type for malware downloads, followed by ZIP archives and EXE (PE) binary files. These three file types were the top three in the list for several months and show a very strong preference for the attackers. Attackers continue to attempt to fly under the r ..read more
