Russia-based Wizard Spider is Top Threat Group: Netskope Report

Drive-by-login attack identified and used in lieu of spear phishing campaigns

Netskope Security Cloud platform users were most commonly targeted by criminal adversaries in the first nine months of 2023, according to the company's Cloud and Threat Report.

Takeaways from the report include:

  • The top criminal adversary groups were based in Russia and Ukraine.
  • The top geopolitical threat groups were based in China.
  • Russia-based Wizard Spider was the most prominent criminal adversary group to target Netskope customers; this group is known for creating the TrickBot malware.
  • In the financial services and healthcare verticals, nearly half of the activity observed came from geopolitical threat groups.
  • Australia and North America had the highest percentage of attacks from adversary activity attributable to criminal groups, while other parts of the world led in geopolitically motivated attacks.

Spear-Phishing Is the Top Technique Used by Criminal Adversaries

To date in 2023, spear-phishing links and attachments were the most popular techniques for criminal adversaries to gain initial access to victims' systems and data, Netskope stated. These adversaries were three times more successful at tricking victims into downloading spear-phishing attachments in comparison to the end of 2022.

Furthermore, criminal adversaries continue to use emails to attack victims, Netskope indicated. The success rate of email-based attacks is low due to advanced anti-phishing filters and user awareness. But criminal adversaries have been successful in launching attacks against personal email accounts: Netskope found that 16 times as many users attempted to download a phishing attachment from a personal webmail app as from managed organization webmail apps.

Also, cloud apps delivered 55% of the malware that users attempted to download, Netskope reported. As such, cloud apps ranked first among the vehicles used to successfully execute malware attacks.

Tips for Organizations to Defend Against Pervasive Cybercrime Techniques

Netskope recommends that organizations evaluate their defenses to figure out how their cybersecurity strategy needs to evolve. It also provides the following tips to defend against spear-phishing and other cybercrime techniques:

  • Implement anti-phishing defenses to ensure that end-users are protected against spear-phishing links, regardless of where they originate.
  • Ensure that executables, archives and other high-risk file types are inspected using static and dynamic analyses before they are downloaded.
  • Detect and prevent adversary command-and-control (C2) traffic over web protocols using a secure web gateway and intrusion prevention system to identify communications to known C2 infrastructure and common C2 patterns.

MSSPs can share these tips with their customers. They can also provide security services to help their customers keep pace with current and emerging threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.