Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

Highest percentage of cybercrime activity originates in Russia: Netskope Report, ETCIO SEA | #cybercrime | #computerhacker


Netskope, a leader in Secure Access Service Edge (SASE), today published its Cloud and Threat Report: Top Adversary Tactics and Techniques, focusing on the techniques and motivators that were most commonly detected in the first three quarters of 2023 among Netskope customers globally. Netskope saw a significant number of criminal adversaries attempting to infiltrate customer environments, with Russia-based Wizard Spider targeting more organisations than any other group.

Most pervasive threat groups

Netskope found that the top criminal adversary groups were based in Russia and Ukraine, and the top geopolitical threat groups were based in China. As the top group attempting to target users of the Netskope Security Cloud platform, Wizard Spider is a criminal adversary credited with creating the notorious, ever-evolving TrickBot malware. Other active criminal adversary groups relying heavily on ransomware included TA505, creators of Clop ransomware, and FIN7, who used REvil the ransomware and created the Darkside ransomware, while geopolitical threat groups were led by memupass and Aquatic Panda.

Geopolitical adversaries target specific regions and industries for their intellectual property, as opposed to financially motivated actors who develop playbooks optimised for replicable targeting, where they can recycle tactics and techniques with minimal customisation.

Vertical and regional threats

Based on Netskope findings, the financial services and healthcare industry verticals saw a significantly higher percentage of activity attributable to geopolitical threat groups. In those verticals, nearly half of activity observed comes from these adversaries, as opposed to financially motivated groups. Verticals such as manufacturing, state, local, education (SLED) and technology saw less than 15% of activity coming from geopolitical-motivated actors, with the remaining threats being financially motivated.

From a regional perspective, Australia and North America have the highest percentage of attacks from adversary activity attributable to criminal groups, while other parts of the world, such as Africa, Asia, Latin America, and the Middle East led in geopolitical motivated attacks.

Top techniques

Spearphishing links and attachments are the most popular techniques for initial access so far in 2023, and as of August, adversaries were three times more successful at tricking victims into downloading spearphishing attachments compared to the end of 2022. While email continues to be a common channel used by adversaries, the success rate is low due to advanced anti-phishing filters and user awareness. However, adversaries have found this recent success using personal email accounts.

So far in 2023, 16 times as many users attempted to download a phishing attachment from a personal webmail app compared to managed organization webmail apps. 55% of malware that users attempted to download was delivered via cloud apps, making cloud apps the number one vehicle for successful malware execution. The most popular cloud app in the enterprise, Microsoft OneDrive, was responsible for more than one-quarter of all cloud malware downloads.

“If organisations can look at who our top adversaries are and the incentives that motivate them, then you can look at your defenses and ask, ‘What protections do I have in place against those tactics and techniques? How will this help me hone in on what my defensive strategy should be?’” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “If you can defend effectively against the techniques outlined in the report, you’re defending effectively against a really wide swath of adversaries. No matter who you’re up against, you’ll have defenses in place.”

Key takeaways for organisations

Based on these uncovered techniques, Netskope recommends organisations evaluate their defenses to determine how their cybersecurity strategy needs to evolve. The most pervasive techniques organisations need to be prepared to defend against include:

  • Spearphishing Links and Attachments- Implement anti-phishing defenses that go beyond email to ensure that users are protected against spearphishing links, no matter where they originate
  • Malicious Links and Files- Ensure that high-risk file types, like executables and archives, are thoroughly inspected using a combination of static and dynamic analysis before being downloaded
  • Web Protocols and Exfiltration over C2 Channel- Detect and prevent adversary C2 traffic over web protocols using a SWG and an IPS to identify communication to known C2 infrastructure and common C2 patterns

  • Published On Oct 18, 2023 at 05:30 AM IST

Join the largest community of IT industry professionals in Southeast Asia

Subscribe to our newsletter to get latest insights & analysis.

Get updates on your preferred social platform

Follow us for the latest news, insider access to events and more.

——————————————————–


Click Here For The Original Source.

Translate