Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2021, the cybersecurity industry was truly tested. Most notably, we uncovered the deeper fallout from the SolarWinds attacks, combatted the proliferation of advanced ransomware gangs and a surge in vulnerability exploitation, and saw fragile supply chain and critical infrastructure more targeted by attackers than ever. As global cyber defenders, predicting where the broad industry could be heading is a daunting task.

At the beginning of 2021, Emotet was considered to be the world’s most dangerous malware by Europol. The threat was first discovered in 2014 when it was acting as a banking trojan. Over the years, the malware evolved into one of the most relevant botnets in the threat landscape, often used to deliver other threats, such as Trickbot and Ryuk ransomware. Netskope detected Emotet during Oct 2020, using PowerShell and WMI to download and execute its payload.

It is prediction time once again, and we’ve polled some of our esteemed experts here at Netskope to see what’s piquing their interest with 2022 on the horizon. Much like our predictions last year, we’ve broken the list out into some longer shots and some pretty safe bets. Here’s what we think is in store for 2022.

The abuse of Google Drive to deliver malicious content continues, and two recent examples remind us how the flexibility of this cloud storage tool can be easily weaponized by malicious actors. And the spectrum of content that can be distributed, and victims that can be targeted is surprising.

In part two of a four-part series, Clint Pollock, principal solutions architect at Veracode, details how to use Veracode from the command line in the Cloud9 IDE to submit a static pipeline scan. Check out the video and step-by-step instructions below. It’s Clint Pollock, principal solutions architect, back for part two of our four-part series on using Veracode from the command line in Cloud9 IDE.

“Why focus on building your personal brand?” This was the first question that Elana Anderson, Chief Marketing Officer at Veracode, asked during her presentation Plotting the Course for Your Personal Brand at the recent Executive Women’s Forum (EWF). Anderson, a lifelong student of marketing, and a former analyst at Forrester Research, has a deep understanding of the importance of both corporate and personal brands and the steps necessary to both build and maintain a brand.

If the UK Government gets its way, IT service vendors and other cloud-based service providers may soon be required to adopt new measures to strengthen their cybersecurity, amid rising concerns about supply chain risks. The Department for Digital, Culture, Media and Sport (DCMS) has floated plans to make mandatory compliance with the National Cyber Security Centre’s Cyber Assessment Framework, which provides guidance for organisations responsible for vitally important services and activities.

Cloud-native transformations come with many security and troubleshooting challenges. Real-time intrusion detection and the prevention of continuously evolving threats is challenging for cloud-native applications in Kubernetes. Due to the ephemeral nature of pods, it is difficult to determine source or destination endpoints and limit their blast radius. Traditional perimeter-based firewalls are not ideal fit for Kubernetes and containers.

CloudFabrix solution provides a holistic approach for enterprises to implement proactive operations with the objective of eliminating/reducing critical incidents and improving customer satisfaction. The solution primarily relies on applying regression/forecasting models on any time-series data to detect and forecast anomalies. One of the unique features of the solution is the ability to convert unstructured data such as logs/incidents/alerts into time-series data to be used for running prediction models.

On Saturday November 13th, hundreds of thousands of recipients received an email from the FBI with the subject line of “Urgent: Threat actor in systems.” Thankfully for the recipients, it turned out the threat described in these emails wasn’t real as, unfortunately, the FBI had suffered an external email breach resulting in fake warning messages being sent out.