閉める
閉める
明日に向けたネットワーク
明日に向けたネットワーク
サポートするアプリケーションとユーザー向けに設計された、より高速で、より安全で、回復力のあるネットワークへの道を計画します。
          Netskopeを体験しませんか?
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            Netskope、2024年Gartner®社のシングルベンダーSASEのマジック・クアドラントでリーダーの1社の位置付けと評価された理由をご確認ください。
              ダミーのためのジェネレーティブAIの保護
              ダミーのためのジェネレーティブAIの保護
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                最新の情報漏えい対策(DLP)for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  SASEダミーのための最新のSD-WAN ブック
                  Modern SD-WAN for SASE Dummies
                  遊ぶのをやめる ネットワークアーキテクチャに追いつく
                    リスクがどこにあるかを理解する
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                            Netskope GovCloud
                            NetskopeがFedRAMPの高認証を達成
                            政府機関の変革を加速するには、Netskope GovCloud を選択してください。
                              Let's Do Great Things Together
                              Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。
                                Netskopeソリューション
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskopeテクニカルサポート
                                  Netskopeテクニカルサポート
                                  クラウドセキュリティ、ネットワーキング、仮想化、コンテンツ配信、ソフトウェア開発など、多様なバックグラウンドを持つ全世界にいる有資格のサポートエンジニアが、タイムリーで質の高い技術支援を行っています。
                                    Netskopeの動画
                                    Netskopeトレーニング
                                    Netskopeのトレーニングは、クラウドセキュリティのエキスパートになるためのステップアップに活用できます。Netskopeは、お客様のデジタルトランスフォーメーションの取り組みにおける安全確保、そしてクラウド、Web、プライベートアプリケーションを最大限に活用するためのお手伝いをいたします。

                                      Cloud Threats Memo: Scary Examples of Weaponizing Google Drive

                                      Nov 18 2021

                                      The abuse of Google Drive to deliver malicious content continues, and two recent examples remind us how the flexibility of this cloud storage tool can be easily weaponized by malicious actors. And the spectrum of content that can be distributed, and victims that can be targeted is surprising.

                                      In the first example, attributed to a group of hackers recruited in a Russian-speaking forum, the Google Threat Analysis Group has dismantled a financially motivated phishing campaign targeting YouTubers with Cookie Theft malware, a session hijacking technique that enables access to user accounts with session cookies stored in the browser. The purpose of this campaign, luring the victims with fake collaboration opportunities, was to hijack their YouTube channel and then either sell it or use it for cryptocurrency scams.

                                      The phishing typically started with a customized email introducing a company and its products (1,011 domains, some of them impersonating legitimate companies), and once the target agreed to the deal, a malware landing page disguised as a software download URL was sent via email or a PDF on Google Drive, and in a few cases, Google Documents containing the phishing links. To give you an idea of how easily these services can be exploited for large-scale campaigns, Google identified around 15,000 accounts, some of which were explicitly created for this campaign.

                                      An additional (literally) scary campaign spotted by Cofense has delivered the MirCop ransomware via an articulated multi-stage kill chain where once again Google Drive plays an important (initial) role. This specific attack started via a business-related email, suggesting a previous agreement between the sender and the victim, and containing the link to a supposed “DWG following Supplies List” hosted on a Google Drive URL. Besides evading Secure Email Gateways, Google Drive provides legitimacy to the email and in the user’s mind is also associated with a service used to exchange business communications. The linked document is an MHT file (a web archive file type) that, once executed, downloads a RAR compressed file. The RAR archive itself contains an executable, a DotNET loader that uses VBS scripts to drop and run the MIRCOP ransomware. And yes, this infection is scary since, among other things, the ransomware changes the home screen to a gory image.

                                      These two examples demonstrate how simply Google Drive can be weaponized for large-scale campaigns in multiple ways. And these examples are not the only ones: a simple search on URLhaus is worth more than a thousand words (do you recognize two old acquaintances such as BazarLoader and GuLoader?)

                                      How Netskope mitigates the risk of rogue cloud instances abused to deliver malicious content

                                      There are multiple stages of the attack chain where the Netskope Next-Gen SWG can mitigate this threat.

                                      • It is possible to block the access (and in general enforce granular controls) to dozens of non-corporate cloud services such as Google Drive (including personal instances of corporate services or non-corporate instances abused by the attackers).
                                      • Downloading a malicious document from a web page or a cloud service can be prevented by the Threat Protection Engine that offers multiple engines including signature-based AV, advanced heuristics, sandboxing, and a ML-based scanner for malicious documents and executables.
                                      • Any redirection within the kill chain can be prevented by the content filtering engine that offers 16 granular security risk categories, including phishing and malware distribution points.
                                      • The Cloud Threat Exchange, a component of Netskope Cloud Exchange improves attack neutralization via bi-directional automated IoC sharing (hashes, IPs, domains, and URLs) with third-parties such as EDR technologies and threat intelligence feeds.
                                      • Netskope Advanced Analytics provides a specific Threat Protection Dashboard with rich insights on malicious traffic to non-corporate cloud instances and web pages, most targeted users, top applications exploited to deliver malicious content, etc. A valuable tool for SOC teams and Incident responders.

                                      Stay safe!

                                      author image
                                      Paolo Passeri
                                      Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry.
                                      Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog