Cybercriminals Increase the Use of Social Engineering Techniques and Malware, According to Netskope Study

Netskope, a leader in Secure Access Service Edge (SASE), has recently published its latest Cloud & Threat Report, revealing that attackers are becoming more sophisticated in their approach to evade detection and blend in with normal network traffic while delivering malware. The report highlights that attackers are increasingly using HTTP and HTTPS to deliver malware, and on average, five out of every 1,000 enterprise users attempted to download malware in Q1 2023. Furthermore, social engineering techniques, such as weaponized data voids, that trick victims into downloading malware, are on the rise.

## The Increasing Use of HTTP and HTTPS

Netskope’s research found that HTTP and HTTPS over ports 80 and 443 are the primary communication channels used by attackers to evade detection. An analysis of attacker communication channels revealed that, of the new malware executables analyzed by Netskope that communicated with external hosts, 85% used port 80 (HTTP), while 67% did so over port 443 (HTTPS). This approach lets attackers go unnoticed and blend in with the abundance of HTTP and HTTPS traffic already present in the network. In addition, some malware samples sidestep DNS lookups to evade DNS-based security controls, reaching out directly to remote hosts using their IP addresses. To put things into perspective, most malware samples that initiated external communication did so using a combination of IP addresses and hostnames, with 61% communicating directly with at least one IP address and 91% communicating with at least one host via a DNS lookup.
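One way a defender can surface the direct-to-IP behaviour described above is to correlate connection logs with DNS logs and flag web traffic to external addresses that the client never resolved. The sketch below is an added example, not code from Netskope or its report; the log layout, the 30-minute window, the internal address ranges and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

WEB_PORTS = {80, 443}
# Assumed internal address space; adjust to the environment being monitored.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample logs (documentation address ranges, not real indicators).
DNS_LOG = [  # (timestamp, client, queried name, answer IP)
    ("2023-03-01T09:00:00", "10.0.0.5", "updates.example.com", "192.0.2.34"),
    ("2023-03-01T09:00:05", "10.0.0.7", "cdn.example.net", "198.51.100.20"),
]
CONN_LOG = [  # (timestamp, client, destination IP, destination port)
    ("2023-03-01T09:00:02", "10.0.0.5", "192.0.2.34", 443),     # resolved just before
    ("2023-03-01T09:01:00", "10.0.0.5", "203.0.113.50", 80),    # never resolved
    ("2023-03-01T09:02:00", "10.0.0.7", "10.0.0.9", 443),       # internal destination
    ("2023-03-01T11:30:00", "10.0.0.7", "198.51.100.20", 443),  # lookup too old
    ("2023-03-01T09:03:00", "10.0.0.7", "192.0.2.34", 80),      # another client's lookup
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def direct_ip_connections(dns_log, conn_log, window=timedelta(minutes=30)):
    """Return web connections to external IPs that the same client did not
    receive as a DNS answer within `window` before the connection."""
    resolved = {}  # (client, answer IP) -> times that client got this answer
    for ts, client, _name, ip in dns_log:
        resolved.setdefault((client, ip), []).append(datetime.fromisoformat(ts))
    findings = []
    for ts, client, dst, port in conn_log:
        if port not in WEB_PORTS or is_internal(dst):
            continue
        when = datetime.fromisoformat(ts)
        lookups = resolved.get((client, dst), [])
        if not any(timedelta(0) <= when - t <= window for t in lookups):
            findings.append((ts, client, dst, port))
    return findings

if __name__ == "__main__":
    for finding in direct_ip_connections(DNS_LOG, CONN_LOG):
        print("no prior DNS answer:", finding)
```

Clients that resolve names through an explicit proxy or an encrypted resolver the sensor cannot see will also show up here, so findings are leads for triage rather than verdicts.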

## Social Engineering Techniques

Netskope’s Cloud & Threat Report also highlights that, in Q1 2023, nearly 10% of all malware downloads were referred from search engines, and most of these downloads resulted from weaponized data voids. Weaponized data voids are combinations of search terms that have very few results, and any content matching those terms is likely to appear very high in the search results, leading to a higher probability of users downloading malware.

## Enterprise Cloud Applications

Netskope’s research also revealed that 55% of HTTP/HTTPS malware downloads came from cloud apps, up from 35% for the same period one year earlier. The primary driver of the increase is a rise in malware downloads from the most popular enterprise cloud applications, with Microsoft OneDrive tracked as the most popular enterprise app by a wide margin. The number of applications with malware downloads also continued to increase, reaching a high of 261 distinct apps in Q1 2023.

## Cross-functional Collaboration Across Multiple Teams

As attackers become more sophisticated in their approach, and the threat environment becomes more complex, cross-functional collaboration across multiple teams is essential to help defend against the onslaught of malware. In the report, Netskope recommends several steps that organizations should take to reduce risks, including inspecting all HTTP and HTTPS downloads to prevent malware infiltrating the network, ensuring that security controls recursively inspect the content of popular archive files, and configuring policies to block downloads from apps that are not used in their organization.

According to Ray Canzanese, Netskope Threat Labs’ Threat Research Director, “as attackers gravitate towards cloud services that are widely used in the enterprise and leverage popular channels to communicate, cross-functional risk mitigation is more necessary than ever.” Enterprises should take a proactive security approach to reduce the likelihood of being impacted by a cyber attack, and keeping abreast of the latest trends in malware is an essential aspect of this.

In conclusion, all enterprises should take cybersecurity seriously and implement a zero-trust approach to protect their data. Netskope’s Cloud & Threat Report provides useful recommendations on reducing risk and ensuring security in response to emerging cyber threats, such as social engineering and malware attacks.
