State-sponsored threat actors continue to exploit legitimate cloud services. In their latest campaign, uncovered by Malwarebytes during January 2022, the North Korean group Lazarus (AKA HIDDEN COBRA) has been carrying out spear phishing attacks, delivering a malicious document masquerading as a job opportunity from Lockheed Martin (37% of malware is now delivered via Office documents).
Netskope is a leading provider of cloud security with its security service edge, single-pass architecture. Using clients to steer traffic to the Internet through the Netskope Security Cloud means that customers can securely enable data moving into and out of the distributed corporate environment. But this traffic has to originate from an endpoint—and endpoints can be compromised. How do organizations know whether SaaS traffic originating from an endpoint is potentially compromised or at risk?
A new destructive malware called WhisperGate was discovered in mid-January 2022 targeting Ukrainian organizations. This threat emerged during geopolitical conflicts in Ukraine, masquerading as ransomware. However, this malware has a more destructive nature: wiping files and corrupting disks to prevent the OS from loading. Ukraine has suffered other cyberattacks that seem to be connected to WhisperGate, such as the defacement of many websites connected to their governments.
Ever-increasing demands for remote work and the shift to cloud-as-default have propelled many companies to re-energize their data protection and threat neutralization strategies. Successful strategies emphasize robust identity and access management (IAM) and detailed visibility into all traffic and transactions. Okta, one of our strategic partners for IAM, recently published its eighth annual Business at Work report.
In 2021, malicious Office documents accounted for 37% of all malware downloads detected by Netskope, showing favoritism for this infection vector among attackers. This is likely due to the ubiquitous usage of Microsoft Office in enterprises across the globe. Throughout 2021 we have analyzed many techniques used by attackers to deliver payloads through infected documents, which included the return of Emotet, a campaign that primarily uses infected documents to spread malware.
No sooner did word start to spread about Apache Log4j that the usual torrent of blaring headlines, vendor marketing, and tips and tricks-style “information” quickly followed. You can find plenty of solid technical analysis out there about Log4j, and we’ve already posted information about Netskope protections and threat coverage from Netskope Threat Labs. But that’s not this post.
