
                                      Cloud Threats Memo: Cyber Espionage Campaign Using Remote Access Tools

                                      Mar 14 2023

                                      Another day, another cyber espionage campaign exploiting two legitimate and well-known cloud services to deliver the malicious payload.

Once again, this campaign was unearthed by researchers at SentinelOne, and it aims to distribute the Remcos Remote Access Tool (yet another example of a remote control tool used for malicious purposes) through DBatLoader, predominantly targeting organizations in Eastern Europe.

DBatLoader is a malware downloader characterized by its abuse of cloud services to host the second-stage payload, which contains and executes the actual malware (in this specific case, the Remcos RAT).

                                      The attack starts with phishing emails distributing DBatLoader in the form of attached tar.lz archives disguised as financial documents, such as invoices or tender documentation, originating from institutions or business organizations related to the target. The phishing emails are sent from compromised private email accounts and accounts from public email services relevant to the targets.

Once the attachment is decompressed and the embedded executable is run, DBatLoader downloads and executes an obfuscated second-stage payload from two well-known public cloud services: Microsoft OneDrive (the most abused cloud service to deliver malware) and Google Drive. The executed payload abuses the mock folders technique to bypass Windows User Account Control and drop the Remcos RAT.
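
A defender-side check for the mock folders technique mentioned above, as an added example that is not part of the original memo or the SentinelOne research. It assumes the commonly documented form of the technique, where a folder name with a trailing space imitates a trusted location (for example `C:\Windows \System32`); the trusted-root list, event fields, hosts and paths are constructed for illustration.

```python
import ntpath

# Roots this example treats as trusted (an assumption, adjust to your estate).
# A look-alike with a trailing space in a folder name is the commonly
# documented form of the mock folders technique.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def padded_component(path):
    """Return the first directory name that ends in whitespace, or None."""
    _, rest = ntpath.splitdrive(path)
    folders = [p for p in rest.split("\\") if p][:-1]  # drop the file name
    return next((p for p in folders if p != p.rstrip()), None)


def is_mock_trusted_path(path):
    """True if the path lands under a trusted root only once trailing
    whitespace is stripped from its folder names."""
    if padded_component(path) is None:
        return False
    drive, rest = ntpath.splitdrive(path)
    cleaned = drive + "\\".join(p.rstrip() for p in rest.split("\\"))
    return cleaned.lower().startswith(TRUSTED_ROOTS)


def find_mock_folder_executions(events):
    """Filter process-creation records whose image path uses a mock folder."""
    return [e for e in events if is_mock_trusted_path(e["image"])]


# Constructed process-creation records (hypothetical hosts, paths and fields).
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "image": r"C:\Windows \System32\app.exe"},
    {"host": "ws-03", "image": r"C:\Users\a\Old Reports \viewer.exe"},
    {"host": "ws-04", "image": r"c:\program files \Vendor\tool.exe"},
]

if __name__ == "__main__":
    for event in find_mock_folder_executions(SAMPLE_EVENTS):
        print(event["host"], repr(event["image"]),
              "mock folder:", repr(padded_component(event["image"])))
```

The record on `ws-03` has a padded folder name but is not flagged, because stripping the space does not place it under a trusted root; only look-alikes of trusted locations are reported.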

                                      How Netskope mitigates the risk of legitimate cloud services exploited to deliver malware

                                      Microsoft OneDrive and Google Drive are among the thousands of services where the Netskope Next Gen SWG can provide granular access control, threat protection, and DLP capabilities, and the hundreds of services for which instance detection is available.

When a legitimate cloud service is exploited to deliver malware, it is possible to configure a policy that prevents potentially dangerous activities (such as download) from non-corporate instances, or more generally from any cloud storage service the enterprise does not need.

The following picture shows an example of a policy blocking any activity except “View” and “View All” for Microsoft OneDrive, Microsoft OneDrive for Business, and Google Drive. The unmatched granular access control across the apps (16 activities can be governed in total) can also be applied to specific instances.

                                      Netskope customers are also protected against malware downloads from a legitimate cloud service and the web in general by Netskope Threat Protection. Netskope Threat Protection scans web and cloud traffic to detect known and unknown threats with a comprehensive set of engines, including signature-based AV, machine learning-based detectors for executables and Office documents, and sandboxing, including patient zero protection.

Netskope Cloud Exchange provides customers with powerful integration tools to leverage investments across their security posture through integration with third-party tools, such as threat intelligence feeds and endpoint detection technologies.

                                      Finally, Netskope Advanced Analytics provides specific dashboards to assess the risk of rogue cloud instances being exploited to deliver malware or becoming the target of anomalous communications, with rich details and insights, supporting security teams in the analysis and mitigation/remediation process.

                                      You can subscribe to the Cloud Threats Memo mailing list at this link.

                                      Stay safe!

                                      Paolo Passeri
                                      Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry.