Join us at Netskope’s SASE Summit, coming to a city near you! Register now.

  • Security Service Edge Products

    Protect against advanced and cloud-enabled threats and safeguard data across all vectors.

  • Borderless SD-WAN

    Confidently provide secure, high-performance access to every remote user, device, site, and cloud.

  • Platform

    Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.

The platform of the future is Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Borderless SD-WAN: Ushering in the New Era of Borderless Enterprise

Netskope Borderless SD-WAN offers an architecture that converges zero trust principles and assured application performance to provide unprecedented secure, high-performance connectivity for every site, cloud, remote user, and IoT device.

Read the article
Borderless SD-WAN
Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.

Explore our platform
Birds eye view metropolitan city
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope enables a safe, cloud-smart, and fast journey to adopt cloud services, apps, and public cloud infrastructure.

Learn about Industry Solutions
Wind turbines along cliffside
  • Our Customers

    Netskope serves more than 2,000 customers worldwide including more than 25 of the Fortune 100

  • Customer Solutions

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Certification

    Netskope training will help you become a cloud security expert.

We help our customers to be Ready for Anything

See our Customers
Woman smiling with glasses looking out window
Netskope’s talented and experienced Professional Services team provides a prescriptive approach to your successful implementation.

Learn about Professional Services
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working
  • Resources

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Bonus Episode 2: The Magic Quadrant for SSE and Getting SASE Right
Mike and Steve discuss the Gartner® Magic Quadrant™ for Security Service Edge (SSE), Netskope’s positioning, and how the current economic climate will impact the SASE journey.

Play the podcast
Bonus Episode 2: The Magic Quadrant for SSE and Getting SASE Right
Latest Blogs

How Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog
Sunrise and cloudy sky
Netskope AWS Immersion Day World Tour 2023

Netskope has developed a variety of hands-on labs, workshops, in-depth webinars and demos to educate and assist AWS customers in the usage and deployment of Netskope products.

Learn about AWS Immersion Day
AWS Partner
What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn about Security Service Edge
Four-way roundabout
  • Company

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners

    We partner with security leaders to help you secure your journey to the cloud.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Highest in Execution. Furthest in Vision.

Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.

Get the report
Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.
Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team
Group of hikers scaling a snowy mountain
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling

Cloud Threats Memo: North-Korean State-Sponsored Threat Actors Continue to Exploit Legitimate Cloud Services

May 04 2023

Be the first to receive the Cloud Threats Memo directly in your inbox by subscribing here.

While the most common cloud apps are also the most exploited for delivering malicious content, opportunistic and state-sponsored threat actors are constantly looking for additional cloud services to leverage throughout multiple stages of the attack chain.

The growing exploitation of cloud services has led the main cloud service providers to enforce restrictive controls to mitigate the risk of possible abuse of their services. And even though a less known service means a lower chance of success for the attackers (the users could be uncomfortable with downloading or accessing content from a cloud application they are not familiar with), there are still more advantages than drawbacks: a cloud service offers simplified hosting and the corresponding malicious traffic is easily hidden among the legitimate sessions.

In a recent example, discovered by researchers at ESET while investigating the recent supply-chain attack to 3CX carried out by the infamous North Korean threat actor Lazarus Group, the same attackers deployed an unknown Linux malware disguised as a PDF document distributed via spear phishing or direct messages. The malware was distributed as part of a new campaign, considered a follow-up to Operation Dream Job, targeting people working in software or DeFi platforms with fake job offers on social media.

The first stage payload of this campaign is a downloader, dubbed OdicLoader by the researchers, that when executed displays a decoy PDF document, and then downloads a second-stage backdoor from the OpenDrive (no it is not OneDrive!) cloud storage service.

It is interesting to note that the Lazarus Group has a certain predisposition to exploit cloud services in their campaigns: even in the case of the 3CX attack, the threat actors exploited GitHub in a complex multi-stage attack chain where the trojanized 3CX client downloaded apparently innocuous icon files from GitHub, encoding the information needed to download the information stealer in the next stage of the attack: an unprecedented variant of the Dead Drop Resolver technique.

How Netskope mitigates the risk of legitimate cloud services exploited by threat actors

Although OpenDrive is maybe not one of the most common cloud storage services, it is certainly one where the Netskope Next Gen SWG can provide granular access control, threat protection, and DLP capabilities (the app connector is able to recognize the following activities: “Create”, “Delete”, “Download”, “Edit”, “Login Attempt”, “Login Failed”, “Login Successful”, “Logout”, “Share”, “Upload”, “View”, and to enforce DLP policies for the “Download” and “Upload” activities, a much deeper visibility than legacy SWGs).

The organization might decide to completely block access to the unneeded cloud storage service, or simply prevent specific, potentially dangerous activities (such as “Download” or “Upload”).

A similar policy can also be applied to GitHub, with the additional advantage that GitHub is also among the hundreds of services for which instance detection is available. So if an unknown instance of a corporate cloud service like GitHub is exploited as a command and control, dead drop resolver, or a malware distribution point, it is possible to configure a policy that prevents potentially dangerous activities just from non-corporate instances.

Netskope customers are also protected against malware distributed from a legitimate cloud service and the web in general by Netskope Threat Protection. Netskope Threat Protection scans web and cloud traffic to detect known and unknown threats with a comprehensive set of engines, including signature-based AV, machine learning-based detectors for executables and Office documents, and sandboxing, including patient zero protection.

Netskope Cloud Exchange provides powerful integration tools to leverage investments across their security posture through integration with third-party tools, such as threat intelligence feeds and endpoint detection technologies.

Finally, Netskope Advanced Analytics provides specific dashboards to assess the risk of rogue cloud instances being exploited to deliver malware or becoming the target of anomalous communications, with rich details and insights, supporting security teams in the analysis and mitigation/remediation process.

Stay safe!

author image
Paolo Passeri
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.