Technical Analysis of Industrial Spy Ransomware
Industrial Spy is a relatively new ransomware group that emerged in April 2022. In some instances, the threat group appears to only exfiltrate and ransom data, while in other cases they encrypt,...
View ArticleExperience your world secured with Zscaler at Black Hat 2022
It’s that time of the year again! Security folks from near and far are gathering in Las Vegas – or making their presence known virtually – for Black Hat to network with peers, learn about the latest...
View ArticleLarge-Scale AiTM Attack targeting enterprise users of Microsoft email services
Summary ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing...
View ArticleVisibility and Automation: The Underpinning of Zero Trust
This post is the seventh in a series examining how Zscaler supports the move to zero trust as defined by CISA. The CISA Zero Trust Maturity Model outlined the five key pillars of zero trust that we...
View ArticleX-FILES Stealer Evolution - An Analysis and Comparison Study
Introduction Zscaler’s ThreatLabz threat research team recently has spotted a new variant of the emerging X-FILES infostealer attack with enhanced features to exfiltrate sensitive information. X-FILES...
View ArticleThe Top 4 Reasons Why Microsoft Teams is NOT the Issue With Your Call
The pandemic has triggered many organizations to reevaluate whether employees will return to the office or stay remote. According to a Forbes article, a study by IWG (known for Regus flexible...
View ArticleShift Cloud Security Left
Organizations are undergoing an immense digital transformation that is driven by developers, who develop new applications and update features continuously at an unprecedented velocity and speed. We...
View ArticleHow to Solve the Challenge of Connectivity in China
Last November, we launched Zscaler China Premium Access. Since then, we’ve had countless interactions with customers asking us to help them with connectivity for their users in mainland China. But...
View ArticleBest Practices to Improve Kubernetes Security with CNAPP
The Power of an Orchestrator A music orchestrator coordinates the state of music notes with various musicians playing different instruments, monitoring speed and delivering continuous precision and...
View ArticleAiTM phishing attack targeting enterprise users of Gmail
Summary This blog is a follow-up to our recent publication which described the details of a large-scale phishing campaign targeting enterprise users of Microsoft email services. Beginning in mid-July...
View ArticleThe Lifecycle of a Malicious Attack
Threat actors launch attacks against organizations and the users they protect every day and at every chance they can – often during major holidays when users are less vigilant and the security...
View ArticleThe Life Cycle of a Malicious Attack
Threat actors launch attacks against organizations and the users they protect every day and at every chance they can – often during major holidays when users are less vigilant and the security...
View ArticleLearning Zero Trust: An Opportunity for Supply Chain Risk Practitioners
Let me begin by posing the seemingly obvious questions: What is a supply chain? And what is supply chain risk? In the context of security, it’s important to define what supply chain is. It could mean...
View ArticleGoogle Service Degradation Detected By Zscaler Digital Experience (ZDX)
Zscaler Digital Experience detects degradation At 6:05 PM PST on August 8th, 2022, Zscaler’s Digital Experience (ZDX) monitoring solution saw a substantial unexpected drop in the ZDX score for Google...
View ArticleAdopting a Whole of State Zero Trust Approach
As ransomware attacks continue to increase across the public sector, states are partnering with local government to provide shared services. Referred to as “whole of state”, this collaboration...
View Article5 Ways Zscaler Boosts Our Ability to Build Wealth for Over 700,000 Workers
Here in Australia, we assist our civil service and military employees with preparing for their futures by putting the strength of our federal government to work managing their pension plans. Our...
View ArticleGrandoreiro Banking Trojan with New TTPs Targeting Various Industry Verticals
Introduction Recently Zscaler ThreatLabz observed a Grandoreiro campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain that work across a variety of different industry...
View ArticleThe Top 5 Reasons to Deploy a CNAPP Now
A Cloud Native Application Protection Platform (CNAPP) is a comprehensive security and compliance platform that helps enterprises build, deploy, and run secure cloud native applications. CNAPPs...
View ArticleMaking victims pay, infostealer malwares mimick pirated-software download sites
Summary: Threat actors distributing infostealers are gaining momentum by targeting victims seeking to illegally download pirated software. Because obtaining and using pirated software is against the...
View ArticleAdvanced Threat and Risk Correlation: Catalyst to Improve Public Cloud Security
Organizations of all sizes are rapidly increasing their multicloud footprint by adopting and implementing a growing number of cloud-based applications and services. One report estimates that a whopping...
View Article