COMPANY NEWS: Netskope Threat Labs, a leader in Secure Access Service Edge (SASE) has releaseed new data which found that, over the past 12 months, 66% of the attributable malware targeted at its customers was linked to state-funded attack groups.
Netskope reveals that the largest share of malware attacks came from North Korean threat groups, with Chinese and Russian groups as second and third most prevalent - and a growing number of attacks use cloud applications as a point of entry and exfiltration.
“The research also reveals North Korea, China, and Russia’s differing strategic objectives drive very different approaches to cyber attacks, leading to their widely varying ‘market share’ in the threat landscape,” says Netskope.
“Currently, North Korea accounts for the largest share of malware attacks globally. Unlike Russia and China, North Korea’s campaigns are primarily financially motivated, leveraging cybercrime and cryptocurrency theft to fund military programmes. As a result, it targets non-specific population groups in its quest to maximise profits.
“In contrast, Russia and China use cyberattacks to target their global adversaries’ critical infrastructure and high-value targets to cause targeted but high-impact disruption and damage. This means that Russia and China’s share of overall malware attacks is smaller, but the national impact of their attacks has the potential to be more disruptive.”
Sanjay Beri, CEO and co-founder of Netskope said:
“There is no doubt that we are witnessing a global escalation of cyber attacks carried out by nation state actors as a form of “quiet war” on nation states that are currently officially at peace.
“Under the surface of this worldwide escalation is a varied picture of different states pursuing widely divergent cyberattack strategies. The difference between North Korea’s cyber ‘carpet bombing’ and Russia’s ‘precision strikes’ means that if you’ve fallen victim to an online phishing attack, it’s unlikely that Russian government-backed actors were the cause. If, however, a critical piece of national infrastructure is down, then it’s more likely that they are.
“Understanding these nuances is critical for businesses and individuals operating in today’s connected world - because the first and most important step in putting in place the best cyber defence strategy is understanding who is targeting you, what their goals are, and how they’re trying to achieve them.”
Beri notes that recent research from Netskope Threat Labs has also found that approximately 50% of all global malware downloads now originate from popular cloud apps - and the average global worker regularly interacts with 24 cloud apps each month, with Microsoft tools such as OneDrive (51%), SharePoint (28%) and Teams (22%) being highly favoured.
“The top cloud apps abused for malware download in the last 12 months are OneDrive (26%), GitHub (13%) and SharePoint (12%). Today’s data further proves that businesses will need to enhance their security measures to cloud-native security systems to help prevent such malware attacks.”
About the research
All figures correct as of 8th October 2024. These findings are based on 12 months of data collated about the malicious threats found in Netskope customer environments, which the Netskope Threat Labs team attributed to specific threat actors using multiple sources of information and correlation.
About Netskope
Netskope, a global SASE leader, helps organisations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope One platform and its patented Zero Trust Engine provide optimised access and real-time security for people, devices, and data anywhere they go. Thousands of customers trust Netskope and its powerful NewEdge network to reduce risk and gain unrivalled visibility into any cloud, web, and private application activity—providing security and accelerating performance without trade-offs. Learn more at netskope.com.