Netskope Threat Labs Report: AUSTRALIA

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) y Private Access for ZTNA integrados de forma nativa en una única solución para ayudar a todas las empresas en su camino hacia el Servicio de acceso seguro Arquitectura perimetral (SASE).

Todos los productos

Netskope Next Gen SASE Branch converge Context-Aware SASE Fabric, Zero-Trust Hybrid Security y SkopeAI-Powered Cloud Orchestrator en una oferta de nube unificada, marcando el comienzo de una experiencia de sucursal completamente modernizada para la empresa sin fronteras.

Obtenga más información sobre Next Gen SASE Branch

Netskope NewEdge es la nube privada de seguridad más grande y de mayor rendimiento del mundo y ofrece a los clientes una cobertura de servicio, un rendimiento y una resiliencia incomparables.

Más información sobre NewEdge

Planifique su camino hacia una red más rápida, más segura y más resistente diseñada para las aplicaciones y los usuarios a los que da soporte.

Obtenga el whitepaper

Cloud Exchange (CE) de Netskope ofrece a sus clientes herramientas de integración eficaces para que saquen partido a su inversión en estrategias de seguridad.

Más información sobre Cloud Exchange

Más información sobre NewEdge

Lighted highway through mountainside switchbacks

Descubra cómo aseguramos el uso generativo de IA

Habilite de forma segura ChatGPT y IA generativa

Más información sobre Confianza Cero

Más información sobre soluciones industriales

Predicciones 2024
La presentadora Emily Wearmouth se sienta a conversar con Sherron Burgess, vicepresidente sénior y CISO de BCD Travel, y Shamla Naidoo, directora de estrategia e innovación en la nube de Netskope, para hablar sobre los temas candentes que verán durante el próximo año.

Reproducir el pódcast

Cómo Netskope puede habilitar el viaje de Zero Trust y SASE a través de las capacidades del borde del servicio de seguridad (SSE).

Lea el blog

Sesiones de repetición de la cuarta SASE Week.

Explorar sesiones

Explore el lado de la seguridad de SASE, el futuro de la red y la protección en la nube.

Más información sobre el servicio de seguridad perimetral

Ver nuestros clientes

Woman smiling with glasses looking out window

Más información sobre servicios profesionales

Acceder a la Netskope Community

Infórmese sobre Capacitaciones y Certificaciones

Netskope se enorgullece de participar en Vision 2045: una iniciativa destinada a crear conciencia sobre el papel de la industria privada en la sostenibilidad.

Descubra más

Apoyando la sustentabilidad a través de la seguridad de los datos

Netskope ha sido reconocido como Líder en el Gartner® Magic Quadrant™ de 2023 en SSE.

Obtenga el informe

Conozca a nuestro equipo

Group of hikers scaling a snowy mountain

Más información sobre los socios de Netskope

Group of diverse young professionals smiling

AUSTRALIAOctober, 2023

En este informe Adopción de aplicaciones en la nube

Aplicaciones en la nube más populares Principales aplicaciones utilizadas para cargas Principales aplicaciones utilizadas para las descargas

Abuso de las aplicaciones en la nube

Entrega de malware en la nube Aplicaciones en la nube abusadas para la entrega de malware

Malware & Ransomware

Principales tipos de malware Principales familias de malware y ransomware

Recomendaciones Netskope Threat Labs Acerca de este informe

8 min read

En este informe

test answer

Cloud App Adoption: With 62% of usage, Microsoft OneDrive is the most popular app used in Australia, followed by Sharepoint and Microsoft Teams, both with 34% of usage. When it comes to uploading and downloading data OneDrive is also the leader with 30% and 32% of daily usage respectively.

Cloud App Abuse: 64% of malware downloads in Australia come from cloud apps, more than any other region. Among the top cloud apps with malware downloads are Microsoft OneDrive, SharePoint, and GitHub.

Malware & Ransomware: Attackers primarily targeted users in the Australia region with Trojans to trick them into downloading other malware payloads. FormBook and Valyria were among the top Trojans, while other common malware families included the infostealer AgentTesla, the famous Emotet botnet, and the Sodinokibi ransomware.

Adopción de aplicaciones en la nube

Although the cloud app adoption rate didn’t grow in Australia when compared to the previous year, it still leads all other regions, with an average of 30 apps used by each user. The top 1% of users interacted with 100 apps per month on average, while users in other regions interacted with 94 apps.

Average apps per user Australia vs Other Regions - Last 12 Months

Unsurprisingly, Australia also leads other regions in terms of the number of users downloading and uploading data from cloud apps. 97% of users download data from cloud apps each month, compared to 93% for other regions. 78% of users upload data to cloud apps each month, compared to 65% in other regions.

Percentage of users uploading data Australia vs Other Regions - Last 12 Months

Aplicaciones en la nube más populares

As it is in most industries, OneDrive is the most popular app in Australia. It is even more popular than in other regions with 62% of users accessing OneDrive daily compared to 50% in other regions. Microsoft apps like SharePoint and Microsoft Teams also show a high usage of 34%.

Overall App Popularity Australia vs Other Regions

Principales aplicaciones utilizadas para cargas

As expected, with Microsoft OneDrive being the most popular app by a large margin, it is also the app most used for uploading data, with 30% of users uploading data to OneDrive daily.

Apps Used for Uploads Australia vs Other Regions

Principales aplicaciones utilizadas para las descargas

OneDrive is also the most popular app for downloads in Australia, with 32% of users preferring it for download. Amazon S3 and Azure Blob Storage also stand out with 14% of users downloading data from them, compared to 8.3% in other regions.

Apps Used for Downloads Australia vs Other Regions

Abuso de las aplicaciones en la nube

Entrega de malware en la nube

The popularity of cloud malware delivery in Australia increased considerably in the past 12 months. While other regions remained consistent, Australia had fast growth from November 2022 to February 2023, and kept the high percentage between 68% and 79% with a slight decrease in August and September, but still higher than other regions. The usage of cloud apps allows malware to fly under the radar and to evade regular security controls that rely on tools such as domain block lists or that do not inspect cloud traffic.

Malware Delivery, Cloud vs. Web, Australia vs Other Regions - Last 12 Months

Compared to other regions, Australia has the highest percentage of cloud malware downloads, followed by Latin America and Europe.

Malware Sourced from the Cloud Last 12 Months Average - Australia

Aplicaciones en la nube abusadas para la entrega de malware

In addition to OneDrive being the top overall app for downloads in Australia, it is also the top app for malware downloads. Such malware downloads typically take the form of an attacker using OneDrive to host malware and sharing the malware with their victims. Occasionally, a user may inadvertently upload an infected file to a shared location that results in malware spreading within an organization.

Followed by OneDrive is SharePoint. With 18%, SharePoint exceeds other regions by approximately double. In third place, and also showing close to double the percentage, is GitHub, with 12%.

As highlighted earlier in this report, Microsoft OneDrive and SharePoint, for example, are very popular apps among users in Australia, which makes them both useful apps for attackers seeking to target a wide variety of organizations using the same app, and also makes it more likely that the malicious payloads would reach their targets.

Top Cloud Apps Abused for Malware Download Last 12 Months Australia vs Other Regions

Malware & Ransomware

Principales tipos de malware

The most common types of malware that Netskope users attempted to download from the web or cloud were Trojans, which are commonly used by attackers to gain an initial foothold and deliver other types of malware, such as infostealers, remote access Trojans, backdoors, and ransomware. Detecting and blocking Trojans can prevent malware infections that would result in other malicious payloads being installed. All other types of malware make up a comparatively small percentage of the total, which is the same as in other regions.

Most Common Types of Malware Last 12 Months Australia vs Other Regions

Principales familias de malware y ransomware

This list contains the top 10 malware and ransomware families detected by Netskope targeting users in Australia in the last 12 months:

Infostealer.AgentTesla is a .NET-based Remote Access Trojan with many capabilities, such as stealing browsers’ passwords, capturing keystrokes, clipboard, etc.

Downloader.Cerbu is a malware that can download and execute other malware as well as maintain persistence in the infected system.

Botnet.Emotet is one of the most relevant botnets in the cyber threat landscape, often used to deliver other malware, such as TrickBot.

Trojan.FormBook (también conocido como XLoader) es un malware que brinda control total sobre las máquinas infectadas y ofrece muchas funcionalidades , como robar contraseñas y ejecutar malware adicional.

Botnet.IcedID is a very popular botnet that has been around since 2017. It is often used to steal personal data, credentials, banking information and also to download and execute other payloads such as Cobalt Strike.

Phishing.PhishingX is a malicious PDF file used as part of a phishing campaign to redirect victims to a phishing page.

Infostealer.RedLine is a malware designed to steal data such as credit card numbers, passwords, VPN and FTP credentials, gaming accounts, and even data from crypto wallets.

Downloader.SLoad (a.k.a Starslord) is a download that is often used to deliver Ramnit.

Ransomware.Sodinokibi (a.k.a REvil) is a Ransomware that was first flagged on April 17, 2019 and is known for being used by the GOLD SOUTHFIELD threat group.

Trojan.Valyria (a.k.a. POWERSTATS) is a family of malicious Microsoft Office Documents that contain embedded malicious VBScripts usually to deliver other malicious payloads.

Recomendaciones

This report highlighted increasing cloud adoption, including increases of data being uploaded to, and downloaded from, a wide variety of cloud apps. It also highlighted an increasing trend of attackers abusing a wide variety of cloud apps, especially popular enterprise apps, to deliver malware (mostly Trojans) to their victims. Netskope Threat Labs recommends organizations in the Australia region review their security posture to ensure that they are adequately protected against these trends:

Inspeccione todas las descargas HTTP y HTTPS, incluido todo el tráfico web y en la nube, para evitar que el malware se infiltre en su red. Los clientes de Netskope pueden configurar su Netskope Next Gen Secure Web Gateway con una política de protección contra amenazas que se aplica a las descargas de todas las categorías y se aplica a todos los tipos de archivos.
Asegúrese de que los tipos de archivos de alto riesgo, como los ejecutables y los archivos comprimidos, se inspeccionen minuciosamente mediante una combinación de análisis estático y dinámico antes de descargarlos. Los clientesde Netskope Advanced Threat Protection pueden usar una política de prevención de paciente cero para retener las descargas hasta que hayan sido inspeccionadas por completo.
Configure políticas para bloquear descargas de aplicaciones e instancias que no se utilizan en su organización para reducir su superficie de riesgo a solo aquellas aplicaciones e instancias que son necesarias para el negocio.
Configure políticas para bloquear cargas a aplicaciones e instancias que no se utilizan en su organización para reducir el riesgo de exposición de datos accidental o deliberada por parte de personas internas o abuso por parte de atacantes.
Utilice un sistema de prevención de intrusiones (IPS) que pueda identificar y bloquear patrones de tráfico malicioso, como el tráfico de comando y control asociado con malware popular. El bloqueo de este tipo de comunicación puede evitar daños mayores al limitar la capacidad del atacante para realizar acciones adicionales.
Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present higher risk, like Newly Observed and Newly Registered Domains.

Netskope Threat Labs

Netskope Threat Labs, integrado por los principales investigadores de malware y amenazas en la nube de la industria, descubre, analiza y diseña defensas contra las últimas amenazas en la nube que afectan a las empresas. Nuestros investigadores son presentadores regulares y voluntarios en las principales conferencias de seguridad, incluidas DefCon, BlackHat y RSA.

Acerca de este informe

Netskope brinda protección contra amenazas a millones de usuarios en todo el mundo. La información presentada en este informe se basa en datos de uso anónimos recopilados por la plataforma Netskope Security Cloud relacionados con un subconjunto de clientes de Netskope con autorización previa.

This report contains information about detections raised by Netskope’s Next Generation Secure Web Gateway (SWG), not considering the significance of the impact of each individual threat. Stats in this report are based on the period starting October 1, 2022 through September 30, 2023. Stats are a reflection of attacker tactics, user behavior, and organization policy.

Informes de laboratorios de amenazas

En el informe mensual de Netskope Threat Labs, encontrará los 5 principales dominios maliciosos, malware y aplicaciones que la plataforma Netskope Security Cloud ha bloqueado, además de publicaciones recientes y un resumen de las amenazas.

Examinar informes

Acelere su estrategia de seguridad con el líder en SASE.

¡Empezar!