Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.
Summary
- Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, with 58% of all malware downloads in March originating from 162 cloud apps.
- While malicious PE (EXE/DLL) files, archives (ZIP, 7Z, GZ), and plain text files (PS, LNK) continue to dominate malware downloads, DMG files are on the rise as attackers target Mac OSX users.
- Trojans continue to represent the majority of malware downloads, used to deliver payloads such as the infostealers RecordBreaker and AgentTesla, and the Stop and Royal ransomware.
Cloud Malware Delivery
Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and UR