Schließen
Schließen
Ihr Netzwerk von morgen
Ihr Netzwerk von morgen
Planen Sie Ihren Weg zu einem schnelleren, sichereren und widerstandsfähigeren Netzwerk, das auf die von Ihnen unterstützten Anwendungen und Benutzer zugeschnitten ist.
          Erleben Sie Netskope
          Machen Sie sich mit der Netskope-Plattform vertraut
          Hier haben Sie die Chance, die Single-Cloud-Plattform Netskope One aus erster Hand zu erleben. Melden Sie sich für praktische Übungen zum Selbststudium an, nehmen Sie an monatlichen Live-Produktdemos teil, testen Sie Netskope Private Access kostenlos oder nehmen Sie an Live-Workshops teil, die von einem Kursleiter geleitet werden.
            Ein führendes Unternehmen im Bereich SSE. Jetzt ein führender Anbieter von SASE.
            Ein führendes Unternehmen im Bereich SSE. Jetzt ein führender Anbieter von SASE.
            Netskope debütiert als Leader im Gartner ® Magic Quadrant ™ für Single-Vendor SASE
              Generative KI für Dummies sichern
              Generative KI für Dummies sichern
              Erfahren Sie, wie Ihr Unternehmen das innovative Potenzial generativer KI mit robusten Datensicherheitspraktiken in Einklang bringen kann.
                Moderne Data Loss Prevention (DLP) für Dummies – E-Book
                Moderne Data Loss Prevention (DLP) für Dummies
                Hier finden Sie Tipps und Tricks für den Übergang zu einem cloudbasierten DLP.
                  Modernes SD-WAN für SASE Dummies-Buch
                  Modernes SD-WAN für SASE-Dummies
                  Hören Sie auf, mit Ihrer Netzwerkarchitektur Schritt zu halten
                    Verstehen, wo die Risiken liegen
                    Advanced Analytics verändert die Art und Weise, wie Sicherheitsteams datengestützte Erkenntnisse anwenden, um bessere Richtlinien zu implementieren. Mit Advanced Analytics können Sie Trends erkennen, sich auf Problembereiche konzentrieren und die Daten nutzen, um Maßnahmen zu ergreifen.
                        Die 6 überzeugendsten Anwendungsfälle für den vollständigen Ersatz älterer VPNs
                        Die 6 überzeugendsten Anwendungsfälle für den vollständigen Ersatz älterer VPNs
                        Netskope One Private Access ist die einzige Lösung, mit der Sie Ihr VPN endgültig in den Ruhestand schicken können.
                          Colgate-Palmolive schützt sein "geistiges Eigentum" mit intelligentem und anpassungsfähigem Datenschutz
                          Colgate-Palmolive schützt sein "geistiges Eigentum" mit intelligentem und anpassungsfähigem Datenschutz
                            Netskope GovCloud
                            Netskope erhält die FedRAMP High Authorization
                            Wählen Sie Netskope GovCloud, um die Transformation Ihrer Agentur zu beschleunigen.
                              Lassen Sie uns gemeinsam Großes erreichen
                              Die partnerorientierte Markteinführungsstrategie von Netskope ermöglicht es unseren Partnern, ihr Wachstum und ihre Rentabilität zu maximieren und gleichzeitig die Unternehmenssicherheit an neue Anforderungen anzupassen.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) bietet Kunden leistungsstarke Integrationstools, mit denen sie Investitionen in ihre gesamte Sicherheitslage nutzen können.
                                  Technischer Support von Netskope
                                  Technischer Support von Netskope
                                  Überall auf der Welt sorgen unsere qualifizierten Support-Ingenieure mit verschiedensten Erfahrungen in den Bereichen Cloud-Sicherheit, Netzwerke, Virtualisierung, Content Delivery und Software-Entwicklung für zeitnahen und qualitativ hochwertigen technischen Support.
                                    Netskope-Video
                                    Netskope-Schulung
                                    Netskope-Schulungen helfen Ihnen, ein Experte für Cloud-Sicherheit zu werden. Wir sind hier, um Ihnen zu helfen, Ihre digitale Transformation abzusichern und das Beste aus Ihrer Cloud, dem Web und Ihren privaten Anwendungen zu machen.

                                      Netskope Threat Labs Stats for October 2023

                                      Nov 16 2023

                                      Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

                                      Summary

                                      • After four months, PE files (EXE/DLL) reclaimed the top spot as the most popular file format for malware downloads, narrowly beating out PDF files, which continue to remain popular but are coming down from their peak in August. 
                                      • Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, with 51% of all malware downloads in October originating from 184 cloud apps, the highest number of apps in the past six months.
                                      • The famous LockBit ransomware and the well-known AgentTesla infostealer were among the top malware families detected on the Netskope platform in October.

                                      Cloud Malware Delivery

                                      Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and URL filtering, or that don’t inspect cloud traffic. In October 2023, 51% of all HTTP/HTTPS malware downloads originated from popular cloud apps.

                                      The total number of cloud apps from which malware downloads originated is the highest of the past months, with 184 distinct cloud apps used for malware download. Usually the closer we get to the end of the year, more infections can be observed when compared to the other months, and that reflects on the number of cloud apps used by malware.

                                      Attackers achieve the most success reaching enterprise users when they abuse cloud apps that are already popular in the enterprise. Microsoft OneDrive, the most popular enterprise cloud app, has again held the top spot for the most cloud malware downloads, which it has for more than six months. 

                                      Compared to last month, when a DarkGate malware campaign was spotted abusing SharePoint, October showed a slight decrease in SharePoint app usage, though it remains in second place and still demonstrates a preference for malicious usage. The top ten apps remained largely unchanged and included free software hosting sites (GitHub), cloud storage apps (Google Drive, Box, Azure Blob Storage), free web hosting services (Weebly), and also email services like Microsoft Live Outlook, which had a considerable increase in its usage in August due to a phishing campaign abusing the app. 

                                      In total, the top ten accounted for nearly three-quarters of all cloud malware downloads, with the remaining one-quarter spread over 174 other cloud apps. The top ten list is a reflection of attacker tactics, user behavior, and company policy.

                                      Top Malware File Types

                                      After two months in second place, malicious EXE files returned to the top of the list of malware file types. Although PDF files aren’t in the top anymore after four months, they’re still in second place. We expect both PDFs and EXE files to remain popular among adversaries, with their relative popularity fluctuating depending on which specific malware campaigns are active that month.

                                      In third place are ZIP archive files, and the usage of other file types remains consistent when compared to other months.

                                      Top Malware Families

                                      Attackers are constantly creating new malware families and new variants of existing families, either as an attempt to bypass security solutions or to update their malware’s capabilities. In October 2023, 66% of all malware downloads detected by Netskope were either new families or new variants that had not been observed in the preceding six months. The other 33% were samples that had been previously observed during the preceding six months and are still circulating in the wild.

                                      By volume, Netskope blocks more Trojans than any other malware type. Trojans are commonly used by attackers to gain an initial foothold and to deliver other types of malware, such as Infostealers, remote access Trojans (RATs), backdoors, and ransomware. Remaining in second place, but still rising in popularity, were malware samples related to phishing campaigns.

                                      The following list contains the top malware and ransomware families blocked by Netskope in October 2023:

                                      • Adware.Bundlore (a.k.a. SurfBuyer) is an OSX adware installer that has circulated in many forms, including Flash player installers, hidden scripts, and browser plugins. Details
                                      • Backdoor.Zusy (a.k.a. TinyBanker) is a banking Trojan based on the source code of Zeus, aiming to steal personal information via code injection into websites. Details
                                      • Downloader.Upatre is a downloader used to distribute other payloads such as Locky and Dridex. Details
                                      • Infostealer.AgentTesla is a .NET-based Remote Access Trojan with many capabilities, such as stealing browsers’ passwords, capturing keystrokes, clipboard, etc. Details
                                      • Infostealer.Lazagne is a password recovery tool that can be used as a hacking tool to steal passwords from infected devices. Details
                                      • Phishing.PhishingX is a malicious PDF file used as part of a phishing campaign to redirect victims to a phishing page.
                                      • Ransomware.LockBit is the latest version of the LockBit ransomware, emerged in September 2019, becoming one of the most relevant RaaS groups in the world. Details
                                      • RAT.AdWind is a RAT that can perform actions such as log keystrokes, collect sensitive information, download and run other payloads, and more. Details
                                      • Trojan.Razy is a Trojan typically distributed via malicious ads disguised as legitimate software, often used to steal cryptocurrency data. Details
                                      • Trojan.Valyria (a.k.a. POWERSTATS) is a family of malicious Microsoft Office Documents that contain embedded malicious VBScripts, usually to deliver other malicious payloads. Details

                                      Recommendations

                                      Attackers have always sought to evade detection and avoid suspicion in delivering malware. Two strategies that attackers have been using increasingly in the past six months are to deliver malware by abusing cloud apps and to package malware in PDF files. Netskope Threat Labs recommends that you review your security posture to ensure that you are adequately protected against both of these trends:

                                      • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to downloads from all categories and applies to all file types.
                                      • Ensure that your security controls recursively inspect the content of popular archive files such as ZIP files for malicious content. Netskope Advanced Threat Protection recursively inspects the content of archives, including ISO, TAR, RAR, 7Z, and ZIP.
                                      • Ensure that high-risk file types like executables and archives are thoroughly inspected using a combination of static and dynamic analysis before being downloaded. Netskope Advanced Threat Protection customers can use a Patient Zero Prevention Policy to hold downloads until they have been fully inspected.
                                      • Configure policies to block downloads from apps that are not used in your organization to reduce your risk surface to only those apps and instances that are necessary for the business.
                                      • Block downloads of all risky file types from newly registered domains and newly observed domains.

                                      In addition to the recommendations above, Remote Browser Isolation (RBI) technology can provide additional protection when there is a need to visit websites that fall in categories that present higher risk, like Newly Observed and Newly Registered Domains.

                                      About This Report

                                      Netskope provides threat and data protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope Security Cloud platform relating to a subset of Netskope customers with prior authorization. This report contains information about detections raised by Netskope’s Next Generation Secure Web Gateway (SWG), not considering the significance of the impact of each individual threat. Stats in this report are based on the period starting April 1, 2022 through October 31, 2023. Stats are a reflection of attacker tactics, user behavior, and organization policy.

                                      author image
                                      Leandro Fróes
                                      Leandro Fróes is a Senior Threat Research Engineer at Netskope, where he focuses on malware research, reverse engineering, automation and product improvement.
                                      Leandro Fróes is a Senior Threat Research Engineer at Netskope, where he focuses on malware research, reverse engineering, automation and product improvement.

                                      Bleiben Sie informiert!

                                      Abonnieren Sie den Netskope-Blog