On March 2, Microsoft released patches for four zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). In the following weeks, attackers have been aggressively targeting vulnerable servers to install web shells that provide persistent remote access to infected servers. On March 9, attackers began installing a new ransomware variant known as DearCry or DoejoCrypt on infected servers.

On this one-year anniversary of the COVID-19 pandemic declaration from the World Health Organization (WHO), let’s check back in on the remote work stats for the past year.

Leaky cloud services are a major concern these days. As more and more organizations move their data and applications to the cloud, ensuring new forms of collaboration and agility for their workforce, setup errors and misconfigurations (or even the lack of understanding of the shared responsibility model) pose a serious risk for the new, enlarged corporate perimeter. So far, in 2021, I have collected 12 major breaches fueled by cloud misconfigurations, and I wonder how many flew under the radar.

Traditional security programs were predicated on protecting the typically internally hosted technology infrastructure and the data within that environment. This led to an ecosystem composed of numerous discrete tools and processes all intended to detect adversaries and prevent harm. It included a multitude of controls spanning network and infrastructure security, application security, access control, and process controls.

Hancitor (AKA CHanitor, Tordal) is a popular macro-based malware distributed via malicious Office documents delivered through malspam. In the latest campaigns, particularly active between October and December 2020, the malware has been distributed via DocuSign-themed emails asking the victims to review and sign a document. The fake DocuSign link downloads a Microsoft Word document whose malicious macro, once enabled, installs the Hancitor malware.

All organizations want to take advantage of the cost savings, operational efficiency, and improved capabilities that a shift to the cloud provides. But having the right protections in place is key to make sure not only your users are protected, but that your sensitive data is also protected. Especially as workforces become increasingly remote, improved functionality and cloud security are both must-haves for any organization.

The number of cloud apps being used in the enterprise increased by 20% in 2020, when the COVID-19 pandemic caused a sudden and dramatic shift to remote work for knowledge workers worldwide. Individuals, teams, and organizations all turned to cloud apps to help address some of the new challenges of remote work. The increase in the number of cloud apps was led by an increase in consumer and collaboration apps, the fasting spreading of which included Discord, Zoom, Lumin PDF, and…Xbox LIVE?

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. Just a few months after their debut in November 2020, the new ARM-based Mac M1 Processors have already attracted the unwanted attention of cybercriminals with two adware samples, the details of which have been revealed over the past few days.

In December, Netskope Threat Labs presented our work, “Cloud as an Attack Vector,” at the 23rd International AVAR Cybersecurity Conference. The Association of Antivirus Asia Researchers (AVAR) is a non-profit organization with members from 17 countries and facilitates knowledge sharing, professional development, networking, and partnering for cybersecurity experts and organizations. Ours was one of 27 presentations from 14 different countries featured at the conference.

The Cloud Threats Memo is a weekly series from Paolo Passeri, digging into a recent cloud threat and highlighting how Netskope can best help mitigate it. The Anti-Phishing Working Group has recently released its Q4 Phishing Trends Report 2020, which analyzes the top phishing attacks and other identity theft techniques, as reported by the members of the group.