Netskope Threat Labs: Highest Percentage of Cybercrime Activity Originates in Russia, While China is Most Geopolitically Motivated

0
112
Netskope Is First Vendor To Deliver Security Service Edge Globally With A Seamless, Localized Experience
Netskope Is First Vendor To Deliver Security Service Edge Globally With A Seamless, Localized Experience

New research uncovers most popular techniques and motivators used by adversaries in 2023.

Bangalore, India, October 17, 2023 Netskope, a leader in Secure Access Service Edge (SASE), today published its Cloud and Threat Report: Top Adversary Tactics and Techniques, focusing on the techniques and motivators that were most commonly detected in the first three quarters of 2023 among Netskope customers globally. Netskope saw a significant number of criminal adversaries attempting to infiltrate customer environments, with Russia-based Wizard Spider targeting more organisations than any other group.

Most Pervasive Threat Groups

Netskope found that the top criminal adversary groups were based in Russia and Ukraine, and the top geopolitical threat groups were based in China. As the top group attempting to target users of the Netskope Security Cloud platform, Wizard Spider is a criminal adversary credited with creating the notorious, ever-evolving TrickBot malware. Other active criminal adversary groups relying heavily on ransomware included TA505, creators of Clop ransomware, and FIN7, who used REvil the ransomware and created the Darkside ransomware, while geopolitical threat groups were led by memupass and Aquatic Panda.

Geopolitical adversaries target specific regions and industries for their intellectual property, as opposed to financially motivated actors who develop playbooks optimised for replicable targeting, where they can recycle tactics and techniques with minimal customization.

Vertical and regional threats

Based on Netskope findings, the financial services and healthcare industry verticals saw a significantly higher percentage of activity attributable to geopolitical threat groups. In those verticals, nearly half of the activity observed comes from these adversaries, as opposed to financially motivated groups. Verticals such as manufacturing, state, local, education (SLED), and technology saw less than 15% of activity coming from geopolitical-motivated actors, with the remaining threats being financially motivated.

From a regional perspective, Australia and North America have the highest percentage of attacks from adversary activity attributable to criminal groups, while other parts of the world, such as Africa, Asia, Latin America, and the Middle East, have led to geopolitically motivated attacks.

Top Techniques

Spearphishing links and attachments are the most popular techniques for initial access so far in 2023, and as of August, adversaries were three times more successful at tricking victims into downloading spearphishing attachments compared to the end of 2022. While email continues to be a common channel used by adversaries, the success rate is low due to advanced anti-phishing filters and user awareness. However, adversaries have found recent success using personal email accounts.

So far in 2023, 16 times as many users attempted to download a phishing attachment from a personal webmail app compared to managed organisation webmail apps. 55% of the malware that users attempted to download was delivered via cloud apps, making cloud apps the number one vehicle for successful malware execution. The most popular cloud app in the enterprise, Microsoft OneDrive, was responsible for more than one-quarter of all cloud malware downloads.

“If organisations can look at who our top adversaries are and the incentives that motivate them, then you can look at your defences and ask, ‘What protections do I have in place against those tactics and techniques? How will this help me hone in on what my defensive strategy should be?’” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “If you can defend effectively against the techniques outlined in the report, you’re defending effectively against a really wide swath of adversaries. No matter who you’re up against, you’ll have defences in place.”

Key Takeaways for Organisations

Based on these uncovered techniques, Netskope recommends organisations evaluate their defences to determine how their cybersecurity strategy needs to evolve. The most pervasive techniques organisations need to be prepared to defend against include:

  • Spearphishing Links and Attachments: Implement anti-phishing defences that go beyond email to ensure that users are protected against spearphishing links, no matter where they originate.
  • Malicious Links and Files: Ensure that high-risk file types, like executables and archives, are thoroughly inspected using a combination of static and dynamic analysis before being downloaded.
  • Web Protocols and Exfiltration over the C2 Channel: Detect and prevent adversary C2 traffic over web protocols using a SWG and an IPS to identify communication to known C2 infrastructure and common C2 patterns.

Download the full Cloud and Threat Report: Top Adversary Tactics and Techniques here. For more information on cloud-enabled threats and the latest findings from Netskope Threat Labs, visit Netskope’s Threat Research Hub.

Also readA Journey of Tech Leadership: Empowering Transparency in the Salon Industry with SalonTym

Do FollowCIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.