Netskope: Attackers Double Down On Social Engineering Techniques & Malicious Functionalities Leading To Sharp Increase In Malware Downloads

- Advertisement -

Netskope, a leader in Secure Access Service Edge (SASE), today unveiled new research confirming that attackers are finding new ways to evade detection and blend in with normal network traffic using HTTP and HTTPS to deliver malware. In its latest Cloud & Threat Report: Global Cloud and Web Malware Trends, Netskope identified that on average, five out of every 1,000 enterprise users attempted to download malware in Q1 2023, and new malware families and variants represented 72% of those malware downloads. 

Social Engineering and Search Engine Data Voids on the Rise

In the research, Netskope uncovered that nearly 10% of all malware downloads in Q1 were referred from search engines. These downloads mostly resulted from weaponized data voids, or combinations of search terms that have very few results, which means that any content matching those terms is likely to appear very high in the search results. This represents just one of many social engineering techniques that attackers are accelerating.

- Advertisement -

Social engineering as a whole continues to dominate as a leading malware infiltration technique with attackers abusing not only search engines, but email, collaboration apps, and chat apps to trick their victims. As the top two malware types, Trojans accounted for 60% of malware downloads in Q1 and phishing downloads accounted for 13%.

Evaluation of Primary Communication Channels for Attackers 

For the first time in its quarterly cloud and threat reporting, Netskope analyzed attacker communication channels. Researchers found that attackers, in order to consistently evade detection, have used HTTP and HTTPS over ports 80 and 443 as their primary communication channel. In fact, of the new malware executables analyzed by Netskope that communicated with external hosts, 85% did so over port 80 (HTTP) and 67% did so over port 443 (HTTPS). This approach enables attackers to easily go unnoticed and blend in with the abundance of HTTP and HTTPS traffic already on the network. 

Additionally, to evade DNS-based security controls, some malware samples sidestep DNS lookups, instead reaching out directly to remote hosts using their IP addresses. In Q1 2023, most malware samples that initiated external communications did so using a combination of IP addresses and hostnames, with 61% communicating directly with at least one IP address and 91% communicating with at least one host via a DNS lookup.

“Job number one for attackers is finding new ways to cover their tracks as enterprises put more resources into threat detection, but these findings indicate just how easy it still is for attackers to do so in plain sight,” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “As attackers gravitate towards cloud services that are widely used in the enterprise and leverage popular channels to communicate, cross-functional risk mitigation is more necessary than ever.” 

Extended Look into Global Cloud and Web Malware Trends

Other notable findings uncovered by Netskope’s research team include: 

  • 55% of HTTP/HTTPS malware downloads came from cloud apps, up from 35% for the same period one year earlier. The primary driver of the increase is an increase in malware downloads from the most popular enterprise cloud applications, with Microsoft OneDrive tracked as the most popular enterprise app by a wide margin.
  • The number of applications with malware downloads also continued to increase, reaching a high of 261 distinct apps in Q1 2023. 
  • Only a small fraction of total web malware downloads were delivered over web categories traditionally considered risky. Instead, downloads are spread out among a wide variety of sites, with content servers (CDNs) responsible for the largest slice, at 7.7%.

As enterprises work to defend against the onslaught of malware, cross-functional collaboration across multiple teams is required, including network, security operations, incident response, leadership, and even individual contributors. Some of the additional steps organizations can take to reduce risks include:  

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network
  • Ensure that security controls recursively inspect the content of popular archive files and that high-risk file types are thoroughly inspected 
  • Configure policies to block downloads from apps that are not used in your organization to reduce risk surface.
- Advertisement -

Most Popular Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here
Captcha verification failed!
CAPTCHA user score failed. Please contact us!

Exclusive

Report Suggests India’s EV Sales Will Surge, Rising 66% In 2024

0
In 2023, sales of electric vehicles (EVs) in India almost doubled due to increased consumer interest, government actions, better infrastructure, and climate change worries....

Ascend Performance Materials: Pioneering Innovation in the Electronics Sector

0
Bridging material advancements in plastics and technological progress, Ascend leads with customised solutions for a safer, reliable and greener tomorrow. Q. How would you explain...

DigiKey Expands Portfolio With 3PEAK

0
This collaboration adds amplifiers, interface components, data converters, and more, catering to industries such as communication, industrial, medical, and automotive.  In a strategic move aimed...

Buzz

CleanMax Alliance With Apple To Boost Renewable Energy In India

0
These installations are anticipated to reduce approximately 207,000 tons of CO2 emissions over their operational lifespan. CleanMax announced a significant joint venture with technology giant...

Ramkrishna Forgings To Supply Powertrain Parts To Top US Electric Carmaker

0
Indian producer of rolled, forged, and machined products enter the US electric vehicle market for the first time. Ramkrishna Forgings, an Indian supplier of rolled,...

Microsoft’s $1.5B AI Venture In UAE Stirs Global Interest

0
New partnership with G42 promises transformative AI advancements in emerging markets, impacting tech and geopolitics. Microsoft has announced a strategic $1.5 billion investment in UAE-based...

Important Sectors

CleanMax Alliance With Apple To Boost Renewable Energy In India

0
These installations are anticipated to reduce approximately 207,000 tons of CO2 emissions over their operational lifespan. CleanMax announced a significant joint venture with technology giant...

Ramkrishna Forgings To Supply Powertrain Parts To Top US Electric Carmaker

0
Indian producer of rolled, forged, and machined products enter the US electric vehicle market for the first time. Ramkrishna Forgings, an Indian supplier of rolled,...

Tesla Power, E-Ashwa To Introduce India’s First EV With Fire Safety Tech

0
The partnership also expands to include the provision of after-sales support for electric vehicle customers by establishing a comprehensive network of sales and service...

Elektrobit Introduces EB zoneo GatewayCore Featuring Infineon’s AURIX TC4x

0
The EB zoneo GatewayCore is designed to connect hardware-dependent accelerators with the Classic AUTOSAR framework, providing adaptable support for intricate routing scenarios. Elektrobit, a premier...

Raptee’s Cell Chemistry Extends Battery Life, Says Dinesh Arjun

0
The Co-founder and CEO of Raptee disclosed that the company is currently sourcing its cells from a variety of countries. Dinesh Arjun, the Co-founder and...

Manufacturing

Ramkrishna Forgings To Supply Powertrain Parts To Top US Electric Carmaker

0
Indian producer of rolled, forged, and machined products enter the US electric vehicle market for the first time. Ramkrishna Forgings, an Indian supplier of rolled,...

AVL And Red Bull To Create High-Density Fuel Cell Technology

0
The advanced technology, featuring ultra-high power density and a lightweight design, is said to be two-thirds lighter than traditional fuel cell systems. This partnership...

JJG Aero Secures $12 Million Investment From CX Partners

0
The Bengaluru-based aerospace components manufacturer intends to use the funds primarily to enhance vertical integration, increase production capacity at the new site, and support...

Tata Electronics Finalizes Semiconductor Agreement With Tesla

0
Ashok Chandak, the head of the India Electronics and Semiconductor Association (IESA), highlighted that Tesla’s initiative to establish a network of domestic suppliers for...

Sterling Tools Targets 40% of Sales from EV Business by FY25

0
This increase is anticipated to come from the EV business segment, which is integral to the company's strategy to diversify its operations. With a certain...