
Tune in to our latest Security Visionaries podcast, where host Max Havey engages in a riveting discussion with Ray Canzanese, the Director of Netskope Threat Labs, as they reflect on the threat landscape trends of 2023. In this episode they examine the emergence of generative AI, the rampant use of Trojans in cyber attacks, and the dynamic tactics of cyber extortion, and delve into the effects of geopolitical conflicts on cyber threats and the prevalent role of ransomware.

Read the latest Cloud and Threat Report.

The trend of attackers getting better and better at stealth and blending in, that’s going to continue. It’s not like they figured out the secret, and that’s what they’re going to do forever. They’ve figured out how to operate effectively right now, and they will continue to operate that way until it becomes very difficult for them to operate that way.

—Ray Canzanese, Director, Netskope Threat Labs

Timestamps

00:01 - Introduction
00:23 - 2023 threat trends
02:25 - Surprises
03:42 - Geopolitical turmoil and its cyber consequences
05:05 - Ransomware dominance in cyber attacks
07:15 - Shift in attacker ideology
08:25 - Attackers’ blend-in techniques
09:29 - Regional and sector-specific cyber threat activity
11:58 - AI impact on the threat landscape
17:16 - Adaptability in Cybersecurity
18:56 - Advice for Security Leaders: Current Attack Methods & Adaptability
21:37 - Conclusion

 

On this episode

Ray Canzanese
Director, Netskope Threat Labs

Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.

Max Havey
Senior Content Specialist at Netskope

Max Havey is a Senior Content Specialist for Netskope’s corporate communications team. He is a graduate from the University of Missouri’s School of Journalism with both Bachelor’s and Master’s in Magazine Journalism. Max has worked as a content writer for startups in the software and life insurance industries, as well as edited ghostwriting from across multiple industries.

Episode transcript

Max Havey [00:00:02] Hello and welcome to another edition of the Security Visionaries Podcast, a podcast all about the world of cyber, data, and tech infrastructure, bringing together experts from around the world and across domains. Today, we're taking a look back at the year in threats with Ray Canzanese, Director of Netskope Threat Labs, digging into some of the trends he saw, as well as what surprised him about the findings for 2023. How's it going, Ray? How are you doing today?

Ray Canzanese [00:00:23] Hey, happy New Year, Max. Glad to see you again. Glad to be here talking cybersecurity again. No more cookies and pies.

Max Havey [00:00:30] Yeah, we're out of the cookies and pies. And we're almost out of the 2023 year end reflection season. This is capping us off here. We're out of predictions, we're out of resolutions. Let's talk. Let's look back at the year on threats and then see what we have in store for 2024 here. So to start things off here, as you look back at 2023, what were some of the biggest trends that you encountered looking back at that data?

Ray Canzanese [00:00:51] Yeah, sure. I'll give you three. Right. The first one's got to be generative AI. And what I mean by that is like a year ago, right? If we look back to the end of 2022, nobody was using generative AI for anything. Fast forward to today. We've got about 10% of all enterprise users every month that are using at least one of these cloud-based generative AI apps. And even more than that, the amount of usage we're seeing of those apps is growing exponentially. Right. So these things are just getting more and more popular by the minute. Number two, Trojans, right? We saw Trojans as the most popular attack method attackers were using to get into victim organizations, and we've been seeing a lot of that infiltration be happening by delivering those Trojans over very popular cloud apps. And then I'd say number three is probably the continuing evolution of the extortion playbook. Right? This is, uh, it began as ransomware. Right. And then people stopped paying ransoms and it was like, okay, we'll disclose all your secrets publicly, right? If you don't pay our ransom. It's evolved a little bit more where we see now, it's like ransomware, info stealers, and wipers. And it's, you better pay that ransom, and pay that ransom fast, or I'm going to start breaking stuff and I'm going to start releasing data. Right. It's just more tools to try to incentivize victims to pay up.

Max Havey [00:02:19] Definitely. And among those trends, was there anything that really stuck out to you as a really big surprise? Was there anything that jumped out at you?

Ray Canzanese [00:02:25] Yeah. So it's not from one of the three things that I just said. And it's because it's hard to, I think, surprise me when it comes to the threat-related trends. I think the biggest thing that surprised me when we were looking at all this stuff at the end of the year, was that I was convinced from all the media that I consumed throughout the year that nobody was using Twitter anymore. Right. I would have expected Twitter use after the Elon Musk takeover, based on what I had been reading, to be down significantly, but it was mostly flat. It was mostly like exactly the same as it was a year ago. So that's maybe the way you surprise me, is a trend like that popping up, where obviously social media has its ebbs and flows. Right? We saw some platforms lose popularity like Facebook. We saw this gain popularity. But I was very surprised when I saw Twitter there, right about the same levels it was a year ago.

Max Havey [00:03:18] Definitely. I think that was the feel from a lot of folks, like someone else who's using Twitter for well over a decade at this point. I was surprised to hear that when you brought that up there. And this is Twitter being used for malware campaigns, for people using attacks and things of that sort?

Ray Canzanese [00:03:31] This is just overall Twitter use, right? This is just like people logging on to Twitter and looking at what their friends are doing or current events or whatever it is kids are using Twitter for these days.

Max Havey [00:03:42] Absolutely. I've always described this. I'd keep going back there being like, oh yeah, I know this is a laundromat, but this place used to serve really good burgers. That's how it feels most. Going from there, though, a lot of stuff has been happening out in the world. So thinking about a lot of the geopolitical turmoil we've seen this year, have you seen this sort of play out in the cyber threat landscape at all? Is that something that's popped up among these sort of key trends that you've noticed?

Ray Canzanese [00:04:04] Absolutely. We live in a world now where cyber operations, right, when we're talking about espionage, sabotage, information warfare, right, misinformation campaigns, all of that stuff, it's like a standard and central component of international relations. And so wherever you see geopolitical conflict, you are going to see cyber conflict mirroring that geopolitical conflict. It's just the way the world is now. Obviously, for example, in Ukraine, we've seen and we've covered on our Netskope Threat Labs blog multiple attacks targeting public utilities in Ukraine, targeting private citizens in Ukraine, targeting companies in Ukraine. And just because of that conflict and others throughout Asia, we've seen very high geopolitical threat group activity, more than any other region.

Max Havey [00:05:05] Absolutely. And I think that makes a lot of sense, and that the trends that we're seeing elsewhere are going to be popular among the threat actors who are on all sides of these sorts of conflicts. Cyber warfare is just the latest frontier of all this. Going from that to other sort of trends that we've seen here, ransomware was a really big, broad trend going into 2023. Did it really dominate the conversations the way you were expecting it to? When we were thinking about things in 2022, coming into 2023.

Ray Canzanese [00:05:30] Ransomware was absolutely dominant as expected and continued to grow as well. So extortion has been a big moneymaker for cybercriminals. And so when you have that much money being made, you're going to continue to see new groups try to get into that game. And so you'll see at Netskope Threat Labs, we're going to cover this stuff all the time. New ransomware family released written in this new language targeting this new set of victims. New groups getting formed from old groups that have gotten broken up or splintered to members of old groups. Right. It's become this industry, right? Which is going to be very hard to break up. And I mentioned when we got started that we saw that extortion playbook that used to just be ransomware, then became ransomware and info stealers. Now it seems to be ransomware and info stealers and wipers, where it's just groups doubling down, leaking data, destroying data, doing anything they can do to get their victims to pay. And you've even seen a lot of groups in this past year who used to claim to be the good guys, right? Like we're extorting people, but the only people we extort are oil companies, right? We would never extort a hospital. Right. You're seeing a lot of groups now that don't draw that line anymore, right? That they're done trying to play that game of we're benevolently extorting people here to just extort everybody you can. Right. We're just here to make money off of anybody we possibly can, no matter what happens as a result.

Max Havey [00:07:15] Definitely. And I think it's especially interesting thinking about that sort of shift that's taken place with the attackers. And is that something that you saw evolving over 2023? Because I remember with some specific different hacker groups that you talked about in past monthly threat reports about saying, oh, we're not going to target critical infrastructure, we're not going to target hospitals, but you're just seeing less of those sorts of ethical like mission or quote unquote, ethical mission statements within these groups.

Ray Canzanese [00:07:40] I would say previously, basically every group had a mission statement like that. And what we're starting to see now is certain groups that lack such a mission statement, not that we never saw hospitals or critical infrastructure getting hit before. Right. It was just, say, let's try our best to avoid doing that, right? One, because we're not trying to hurt or kill anybody. Right? We're just trying to make money. And two, when you start doing things that hurt and kill people, there is a different level of scrutiny that gets placed on you and you want to, if you're acting in an illegal enterprise, limit your exposure to law enforcement and geopolitical pressures as much as possible.

Max Havey [00:08:25] Of course, you don't necessarily want that kind of smoke that comes from targeting those sort of essential entities.

Ray Canzanese [00:08:31] Exactly.

Max Havey [00:08:33] Interesting. That's a very interesting approach. That sort of seeing the way that the hacker or not hacker, the attacker like ideology shifted in that way. That's an interesting approach.

Ray Canzanese [00:08:42] Yeah, we've even seen groups that during the extortion demand phase, they would say things like, we're the good guys here, right? There are other groups that are much worse than us that would have done much more terrible things than we did to you. So you should pay us as a thank you for not doing worse things to you once we got access to your network.

Max Havey [00:09:11] Yeah, the old you should be thankful I'm only doing this because I could be doing much worse things than this.

Ray Canzanese [00:09:15] Yes.

Max Havey [00:09:17] And so going from there, were there any sort of either sector or region specific trends that stuck out to you as well? Or were the patterns the same among regions and sectors as things happened to 2023?

Ray Canzanese [00:09:29] Sure. So like the big picture, right. If we take a big step back, the big picture was cybercrime and extortion, right? That was the big story. No matter what industry or region you were working in, and Russia was on the other side of that in most circumstances, meaning groups operating out of or presumed to be operating out of Russia. When you start seeing the differences, the first place you start seeing differences is when you start to look at things regionally. Right. We already talked about Ukraine, right? And so if you look at just organizations in Asia and you look at that breakdown of criminal activity versus geopolitical activity, you see a much higher percentage of geopolitical activity in Asia surrounding especially that conflict in Ukraine. Latin America, also lots of geopolitical turmoil there, also not very far behind in terms of how much geopolitical cyber activity we see there. Then I think the next layer where you start seeing differences is when you start peeling back, what sector am I working in, in which geography and who is targeting me there? So for example, we highlighted some of these groups in our latest report. You look at TA-505. They are a Russian criminal group. They mostly only target organizations in Asia and Europe. Right. So you don't have to really worry about them so much. Right? If you're based somewhere else in the world. Similarly, APT-241, a geopolitical group affiliated with the Chinese government. It last year mostly targeted financial services organizations. And most of the organizations they targeted were in Singapore. Right. And so you start to look at the specifics and the nuance of what's going on. That's where the industry you're working in, and that geography of where you're located really determines what specific groups you're targeted with. And then each one of those groups obviously has their own sort of M.O. in terms of tools they use and tactics they use. Right. And if you're thinking about this from a defense point of view, it matters, right? It matters who's on offense, right? It matters because that's how you're going to target your defenses. Make sure that all of your tools protect against the tools that the attackers are using against you.

Max Havey [00:11:58] Definitely the sense of knowing your adversary. Like we were talking about last time you were on the pod here, knowing your adversary's the first step in knowing how to best protect yourself from said adversary, and more or less taking that sort of data to better fortify your defenses. As you look ahead at the year to come. So to circle back to a topic you brought up at the top of the pod here, generative AI,