Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

cerrar
cerrar
  • Por qué Netskope chevron

    Cambiar la forma en que las redes y la seguridad trabajan juntas.

  • Nuestros clientes chevron

    Netskope atiende a más de 3.400 clientes en todo el mundo, incluidos más de 30 de las 100 empresas más importantes de Fortune

  • Nuestros Partners chevron

    Nos asociamos con líderes en seguridad para ayudarlo a asegurar su viaje a la nube.

Líder en SSE. Ahora es líder en SASE de un solo proveedor.

Descubre por qué Netskope debutó como Líder en el Cuadrante Mágico de Gartner® 2024 para Secure Access Service Edge (SASE) de Proveedor Único.

Obtenga el informe
Testimonios de Clientes

Lea cómo los clientes innovadores navegan con éxito por el cambiante panorama actual de las redes y la seguridad a través de la Plataforma Netskope One.

Obtenga el eBook
Testimonios de Clientes
La estrategia de venta centrada en el partner de Netskope permite a nuestros canales maximizar su expansión y rentabilidad y, al mismo tiempo, transformar la seguridad de su empresa.

Más información sobre los socios de Netskope
Grupo de jóvenes profesionales diversos sonriendo
Tu red del mañana

Planifique su camino hacia una red más rápida, más segura y más resistente diseñada para las aplicaciones y los usuarios a los que da soporte.

Obtenga el whitepaper
Tu red del mañana
Netskope Cloud Exchange

Cloud Exchange (CE) de Netskope ofrece a sus clientes herramientas de integración eficaces para que saquen partido a su inversión en estrategias de seguridad.

Más información sobre Cloud Exchange
Vista aérea de una ciudad
  • Security Service Edge chevron

    Protéjase contra las amenazas avanzadas y en la nube y salvaguarde los datos en todos los vectores.

  • SD-WAN chevron

    Proporcione con confianza un acceso seguro y de alto rendimiento a cada usuario remoto, dispositivo, sitio y nube.

  • Secure Access Service Edge chevron

    Netskope One SASE proporciona una solución SASE nativa en la nube, totalmente convergente y de un único proveedor.

La plataforma del futuro es Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) y Private Access for ZTNA integrados de forma nativa en una única solución para ayudar a todas las empresas en su viaje hacia la arquitectura Secure Access Service Edge (SASE).

Todos los productos
Vídeo de Netskope
Next Gen SASE Branch es híbrida: conectada, segura y automatizada

Netskope Next Gen SASE Branch converge Context-Aware SASE Fabric, Zero-Trust Hybrid Security y SkopeAI-Powered Cloud Orchestrator en una oferta de nube unificada, marcando el comienzo de una experiencia de sucursal completamente modernizada para la empresa sin fronteras.

Obtenga más información sobre Next Gen SASE Branch
Personas en la oficina de espacios abiertos.
Arquitectura SASE para principiantes

Obtenga un ejemplar gratuito del único manual que necesitará sobre diseño de una arquitectura SASE.

Obtenga el eBook
Libro electrónico de arquitectura SASE para principiantes
Cambie a los servicios de seguridad en la nube líderes del mercado con una latencia mínima y una alta fiabilidad.

Más información sobre NewEdge
Autopista iluminada a través de las curvas de la ladera de la montaña
Habilite de forma segura el uso de aplicaciones de IA generativa con control de acceso a aplicaciones, capacitación de usuarios en tiempo real y la mejor protección de datos de su clase.

Descubra cómo aseguramos el uso generativo de IA
Habilite de forma segura ChatGPT y IA generativa
Soluciones de confianza cero para implementaciones de SSE y SASE

Más información sobre Confianza Cero
Conducción en barco en mar abierto
Netskope logra la alta autorización FedRAMP

Elija Netskope GovCloud para acelerar la transformación de su agencia.

Más información sobre Netskope GovCloud
Netskope GovCloud
  • Recursos chevron

    Obtenga más información sobre cómo Netskope puede ayudarle a proteger su viaje hacia la nube.

  • Blog chevron

    Descubra cómo Netskope permite la transformación de la seguridad y las redes a través del perímetro de servicio de acceso seguro (SASE)

  • Eventos y Talleres chevron

    Manténgase a la vanguardia de las últimas tendencias de seguridad y conéctese con sus pares.

  • Seguridad definida chevron

    Todo lo que necesitas saber en nuestra enciclopedia de ciberseguridad.

Podcast Security Visionaries

Predicciones para 2025
En este episodio de Security Visionaries, nos acompaña Kiersten Todt, presidenta de Wondros y ex jefa de personal de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), para analizar las predicciones para 2025 y más allá.

Reproducir el pódcast Ver todos los podcasts
Predicciones para 2025
Últimos blogs

Lea cómo Netskope puede habilitar el viaje hacia Zero Trust y SASE a través de las capacidades de perímetro de servicio de acceso seguro (SASE).

Lea el blog
Amanecer y cielo nublado
SASE Week 2024 bajo demanda

Aprenda a navegar por los últimos avances en SASE y Zero Trust y explore cómo estos marcos se están adaptando para abordar los desafíos de ciberseguridad e infraestructura

Explorar sesiones
SASE Week 2024
¿Qué es SASE?

Infórmese sobre la futura convergencia de las herramientas de red y seguridad en el modelo de negocio actual de la nube.

Conozca el SASE
  • Empresa chevron

    Le ayudamos a mantenerse a la vanguardia de los desafíos de seguridad de la nube, los datos y la red.

  • Ofertas de Trabajo chevron

    Únase a los +3,000 increíbles miembros del equipo de Netskopeque construyen la plataforma de seguridad nativa en la nube líder en el sector.

  • Soluciones para clientes chevron

    Le apoyamos en cada paso del camino, garantizando su éxito con Netskope.

  • Formación y Acreditaciones chevron

    La formación de Netskope le ayudará a convertirse en un experto en seguridad en la nube.

Apoyar la sostenibilidad a través de la seguridad de los datos

Netskope se enorgullece de participar en Vision 2045: una iniciativa destinada a crear conciencia sobre el papel de la industria privada en la sostenibilidad.

Descubra más
Apoyando la sustentabilidad a través de la seguridad de los datos
Ayude a dar forma al futuro de la seguridad en la nube

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Únete al equipo
Empleo en Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Ir a Soluciones para clientes
Servicios profesionales de Netskope
Asegure su viaje de transformación digital y aproveche al máximo sus aplicaciones en la nube, web y privadas con la capacitación de Netskope.

Infórmese sobre Capacitaciones y Certificaciones
Grupo de jóvenes profesionales que trabajan

Netskope Threat Labs Stats for January 2023

Feb 21 2023

Starting with January 2023, Netskope Threat Labs will publish a monthly summary blog post of the top threats we are tracking on the Netskope Security Cloud platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

Summary

  • Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, with 54% of all malware downloads in January originating from 142 cloud apps.
  • ZIP files are gaining popularity among attackers who use the archive format to try to evade defenses and avoid suspicion. 21% of all malware downloads in January were ZIP files.
  • Trojans continue to represent the majority of malware downloads, used to deliver payloads such as the infostealer AgentTesla and the ransomware Vice Society.

Cloud Malware Delivery

Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and URL filtering, or that do not inspect cloud traffic. In January 2023, 54% of all HTTP/HTTPS malware downloads originated from popular cloud apps, increasing for the third consecutive month and reaching the highest levels in the past six months.

The increase in cloud malware downloads is driven partially by an increase in the number of distinct cloud apps from which malware are being downloaded. In January 2023, Netskope detected malware downloads from 142 cloud apps.

Attackers enjoy the most success reaching enterprise users when they abuse cloud apps that are already popular in the enterprise. Microsoft OneDrive, the most popular enterprise cloud app, has held the top spot for the most cloud malware downloads for more than six months. The other top apps for malware downloads include free web hosting services (Weebly), cloud storage apps (Amazon S3, Dropbox, Google Drive), collaboration apps (Sharepoint), webmail apps (Google Gmail, Outlook.com), and free software hosting sites (GitHub, SourceForge).

At 78% of cloud malware downloads, the top eight apps accounted for more malware downloads in January than they had anytime in the previous six months. A relative increase in malware downloads from Amazon S3 propelled it into the top five for only the second time in the past six months, while the remaining top apps remained relatively unchanged. The top ten list is a reflection of attacker tactics, user behavior, and company policy.

Top Malware File Types

By file type, Microsoft Windows Portable Executable files (EXE/DLL) accounted for the plurality of malware downloads in January, as they have for at least the past six months. Delivering malware in archive files, particularly ZIP files, has been gradually increasing and hit a six-month high in January at 21%, as attackers attempt to evade detection by hiding malware in ZIP files. PDF files have been exhibiting the opposite trend, gradually decreasing and hitting a six-month low in January. The popularity of other file types remains largely unchanged, as attackers continue to use a wide variety of file types to target their victims.

Top Malware Families

Attackers are constantly creating new malware families and new variants of existing families, either as an attempt to bypass security solutions or to update their malware’s capabilities. In January 2023, 58% of all malware downloads detected by Netskope were either new families or new variants that had not been observed in the preceding six months. The other 42% were samples that had been observed during the preceding six months and are still circulating in the wild.

By volume, Netskope blocks more Trojans than any other malware type. Trojans are commonly used by attackers to gain an initial foothold and to deliver other types of malware, such as infostealers, remote access trojans, backdoors, and ransomware. Other top malware types include phishing lures (typically PDF files designed to lure victims into phishing scams), viruses that can self-propagate, downloaders that deliver additional payloads, and infostealers whose primary purpose is stealing information (especially passwords, tokens, and cookies).

The following list contains the top malware and ransomware families blocked by Netskope in January 2023:

  • Backdoor.Zusy (a.k.a. TinyBanker) is a banking trojan based on the source code of Zeus, aiming to steal personal information via code injection into websites. Details
  • Downloader.Guloader is a small downloader known for delivering RAT and infostealers, such as AgentTesla, Formbook, and Remcos. Details
  • Infostealer.AgentTesla is a .NET-based Remote Access Trojan with many capabilities, such as stealing browser’s passwords, capturing keystrokes, clipboard, etc. Details
  • Infostealer.ClipBanker is an infostealer that steals banking information among other data and is typically spread via emails and social media Details
  • Infostealer.Fareit (a.k.a Siplog, Pony) is both an infostealer and botnet, stealing credentials from VPNs, browsers, and more. Details
  • Phishing.PhishingX is a malicious PDF file used as part of a phishing campaign to redirect victims to a phishing page.
  • RAT.Remcos is a remote access trojan that provides an extensive list of features to remotely control devices, and it’s popularly abused by many attackers. Details
  • Ransomware.Crysis (a.k.a Arena, Dharma, Wadhrama, ncov) is a ransomware variant typically installed by attackers who gain initial access via RDP. Details
  • Ransomware.ViceSociety is a ransomware variant known to be used to target healthcare and educational institutions. Details
  • Trojan.Valyria (a.k.a. POWERSTATS) is a family of malicious Microsoft Office Documents that contain embedded malicious VBScripts usually to deliver other malicious payloads. Details

Recommendations

Attackers have always sought to evade detection and avoid suspicion in delivering malware. Two strategies that attackers have been using increasingly in the past six months are to deliver malware by abusing cloud apps and to package malware in ZIP files. Netskope Threat Labs recommends that you review your security posture to ensure that you are adequately protected against both of these trends:

  • Inspect all HTTP and HTTPs downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to downloads from all categories and applies to all file types.
  • Ensure that your security controls recursively inspect the content of popular archive files such as ZIP files for malicious content. Netskope Advanced Threat Protection recursively inspects the content of archives, including ISO, TAR, RAR, 7Z, and ZIP.
  • Ensure that high-risk file types like executables and archives are thoroughly inspected using a combination of static and dynamic analysis before being downloaded. Netskope Advanced Threat Protection customers can use a Patient Zero Prevention Policy to hold downloads until they have been fully inspected.
  • Configure policies to block downloads from apps that are not used in your organization to reduce your risk surface to only those apps and instances that are necessary for the business.
  • Block downloads of all risky file types from newly registered domains and newly observed domains.

In addition to recommendations above, Remote Browser Isolation (RBI) technology can provide additional protection when there is a need to visit websites that fall in categories that can present higher risk, like Newly Observed and Newly Registered Domains.

About This Report

Netskope provides threat and data protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope Security Cloud platform relating to a subset of Netskope customers with prior authorization. This report contains information about detections raised by Netskope’s Next Generation Secure Web Gateway (SWG), not considering the significance of the impact of each individual threat. Stats in this report are based on the period starting July 1, 2022 through January 31, 2023. Stats are reflection of attacker tactics, user behavior, and organization policy.

author image
Ray Canzanese
Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.
Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.

Stay informed!

Suscríbase para recibir lo último del blog de Netskope