閉める
閉める
明日に向けたネットワーク
明日に向けたネットワーク
サポートするアプリケーションとユーザー向けに設計された、より高速で、より安全で、回復力のあるネットワークへの道を計画します。
          Netskopeを体験しませんか?
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            Netskope、2024年ガートナー、シングルベンダーSASEのマジック・クアドラントでリーダーの1社の位置付けと評価された理由をご確認ください。
              ダミーのためのジェネレーティブAIの保護
              ダミーのためのジェネレーティブAIの保護
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                最新の情報漏えい対策(DLP)for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  SASEダミーのための最新のSD-WAN ブック
                  Modern SD-WAN for SASE Dummies
                  遊ぶのをやめる ネットワークアーキテクチャに追いつく
                    リスクがどこにあるかを理解する
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                            Netskope GovCloud
                            NetskopeがFedRAMPの高認証を達成
                            政府機関の変革を加速するには、Netskope GovCloud を選択してください。
                              Let's Do Great Things Together
                              Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。
                                Netskopeソリューション
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskopeテクニカルサポート
                                  Netskopeテクニカルサポート
                                  クラウドセキュリティ、ネットワーキング、仮想化、コンテンツ配信、ソフトウェア開発など、多様なバックグラウンドを持つ全世界にいる有資格のサポートエンジニアが、タイムリーで質の高い技術支援を行っています。
                                    Netskopeの動画
                                    Netskopeトレーニング
                                    Netskopeのトレーニングは、クラウドセキュリティのエキスパートになるためのステップアップに活用できます。Netskopeは、お客様のデジタルトランスフォーメーションの取り組みにおける安全確保、そしてクラウド、Web、プライベートアプリケーションを最大限に活用するためのお手伝いをいたします。

                                      Netskope Threat Coverage: Microsoft Quick Assist Ransomware Attacks

                                      May 21 2024

                                      Introduction

                                      Microsoft has recently highlighted the abuse of the remote support tool Quick Assist in sophisticated social engineering attacks leading to ransomware infections. This blog post summarizes the threat and recommends a mitigation strategy for Netskope customers.

                                      Attack Chain

                                      An unknown adversary group is exploiting Quick Assist in targeted social engineering campaigns. These attacks typically begin with vishing (voice phishing) to impersonate trusted entities, such as technical support or IT personnel, to trick victims into granting remote access to their devices. Microsoft is currently referring to this unknown adversary group as Storm-1811. The Storm-#### naming scheme is one that Microsoft uses as a temporary name for unknown, emerging threats and groups in development.

                                      Once they obtain access via Quick Assist, the attackers deploy various malicious tools and malware. The attack chain includes the following key stages:

                                      1. Impersonation and Vishing: Attackers impersonate IT support, contacting targets via phone and convincing them to use Quick Assist for troubleshooting.
                                      2. Remote Access: The victim initiates a Quick Assist session, granting the attacker access.
                                      3. Execution of Malicious Commands: Attackers run scripted commands to download and execute malicious payloads.
                                      4. Tool Deployment: The attackers use tools like ScreenConnect and NetSupport Manager to facilitate remote control and Qakbot and Cobalt Strike to deploy additional payloads.
                                      5. Ransomware Deployment: The attackers use PsExec to deploy the Black Basta ransomware across the network.

                                      Recommendations

                                      Netskope Threat Labs recommends disabling Quick Assist if you are not actively using it. Netskope SWG customers can disable Quick Assist by configuring a rule to block traffic to remoteassistance.support.services.microsoft.com. For organizations with a legitimate use for Quick Assist, Netskope customers can leverage real-time user coaching to train users who access Quick Assist to recognize social engineering tactics. The following screenshot provides an example of such a message. 

                                      Conclusion

                                      The abuse of Quick Assist in ransomware attacks underscores the importance of locking down channels for remote access into your systems. Netskope Threat Labs recommends disabling Quick Assist if you are not actively using it and leveraging real-time user coaching in organizations using Quick Assist.

                                      author image
                                      Ray Canzanese
                                      Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.
                                      Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog