Malware goes regional as attackers change tactics

Most malware attacks now originate from the same region as the victim, according to a new report, a sign that malicious actors are changing their tactics.

The findings come from research by cloud security outfit Netskope, which compiled its new Cloud and Threat Report from trends observed over the last 12 months.

One such trend is that most recent malware attacks came from within the same region as the victim, a marked difference from previous years, according to Netskope, which believes this is a strategic tactic used by attackers to avoid geofencing filters and other prevention measures.

This is especially true for North America, where 84 percent of all malware downloads by victims in this region during the past year could be traced to websites hosted within the North American region itself.

Netskope is a provider of a Cloud Access Security Broker (CASB), a tool that sits between organizations and cloud services to enforce security policies.

A rise in the use of search engines to deliver malware seen by Netskope over the past year demonstrates how adept attackers have become at SEO, the firm said. Malware downloads referred via search engines largely comprised malicious PDF files, with other techniques including fake CAPTCHAs that redirect users to phishing, spam, scam, and malware websites.

Netskope also found that Trojans account for 77 percent of all malware downloads, with attackers using social-engineering techniques to get malicious payloads past their victims and secure an initial foothold inside their systems. Those payloads may then install backdoors to the victims' networks, steal information, or deploy ransomware.

Meanwhile, 47 percent of malware downloads originate from cloud apps, compared with 53 percent delivered from traditional websites, Netskope claims.

However, widely used cloud apps continue to be the source of many cloud malware downloads, including collaboration and webmail apps, with attackers taking advantage of the ability to send messages directly to their victims in emails, direct messages, comments and document shares.

“Malware is no longer confined to traditional risky web categories. It is now lurking everywhere, from cloud apps to search engines, leaving organizations at greater risk than ever before,” Netskope Threat Research Director Ray Canzanese said in a statement.

He added that corporate security leaders need to regularly revisit their malware protection strategy and ensure all possible entry points are accounted for. In particular, steps should be taken to stop employees falling victim to the social-engineering techniques and targeted attack methods used by attackers.

Netskope said that EXE and DLL files account for nearly half of all malware downloads as malicious actors continue to see Microsoft Windows as a prime target for attacks.

However, Netskope also claimed that attacks involving malicious Microsoft Office files are on the decline and have returned to levels seen before the Emotet malware struck. This is despite recent reports that the Emotet malware has seen a strong resurgence in recent weeks.

Netskope’s Cloud and Threat Report is produced by Netskope Threat Labs, and a copy can be downloaded from the company’s website. ®