The financially motivated threat group, also known as OPERA1ER, demonstrated an evolution in tactics in its compromise of three Francophone financial institutions in Africa, likely adding to its $11 million to-date haul.

A criminal group, which has already stolen nearly $11 million by specializing in targeted attacks against the financial sector, has French-speaking African banks in its crosshairs in a recent campaign that demonstrates an evolution in tactics, researchers have found.

Bluebottle, aka OPERA1ER, compromised three different financial institutions in three separate African nations between mid-July and September, affecting multiple machines in all three organizations, researchers from Symantec revealed in a blog post published on Jan. 5.

Though it's unclear if the group was able to capitalize financially on the activity, it's significant because the different payloads and other tactics that Bluebottle used in the campaign vary from previous offensives by the group, Sylvester Segura, Symantec threat intelligence analyst, tells Dark Reading. 

In particular, Bluebottle used commodity malware GuLoader and malicious ISO files in the initial stages of the attack — which it hasn't done before — as well as abused kernel drivers with a signed driver that has been linked to other attacks such as ransomware, Segura says.

These "all indicate the Bluebottle group is keeping up to date with the tools and techniques that other threat actors are currently using," he says. "They may not be the most advanced, but this latest activity proves they are following attacker trends in tooling and techniques."

Indeed, the use of signed drivers in particular shows that Bluebottle — a financially motivated group first observed in 2019 — is aiming to up its game in this latest spate of activity, forcing enterprises to do the same in terms of defensive maneuvers, Segura says.

"More and more 'less advanced' attackers are aware of the impact they can have by disabling detection solutions through various means such as using signed drivers," he notes. "To prevent the trust we put in software like signed drivers from becoming a single point of failure, enterprises need to employ as many layers of detection and protection as they reasonably can."

**Keeping Up With Bluebottle****

Group-IB first began tracking Bluebottle, which it calls OPERA1ER, in activity that spanned from mid-2019 to 2021. During this period, the group stole at least $11 million in the course of 30 targeted attacks, researchers said in a report published in November. The group typically infiltrates a financial organization and moves laterally, scooping up credentials that it can use for fraudulent transfers and other funds-stealing activity.

The activity that Symantec observed started in mid-July, when researchers spotted job-themed malware on one of the infected systems, which they believe could have been the result of a spear-phishing campaign — though they said they are not certain of the group's initial point of entry.

"These likely acted as lures," researchers wrote in the post. "In some cases, the malware was named to trick the user into thinking it was a PDF file."

Symantec researchers linked the group to the previous OPERA1ER activity reported by Group-1B because it shared the same domain, used similar tools, included no custom malware, and also targeted Francophone nations in Africa, they said.

****Living Off the Land****

After noticing the job-themed malware, researchers then observed the deployment of a downloader before detecting the commercial Sharphound hacktool as well as a tool called fakelogonscreen, researchers said. Then, about three weeks after this initial compromise, researchers saw attackers using a command prompt and PsExec for lateral movement.

"It appears the attackers were 'hands on keyboard' at this point of the attack," researchers wrote in the post, using various dual-use and living-off-the-land (LotL) tools for a number of purposes during their occupation of the network.

These tools included Quser for user discovery, Ping for checking Internet connectivity, Ngrok for network tunneling, Net localgroup/add for adding users, the Fortinet VPN client most likely for a secondary access channel, Xcopy to copy RDP wrapper files, and Netsh to open port 3389 in the firewall, among several others.

As previously mentioned, Bluebottle also used commodity tools GuLoader as well as Mimikatz, Revealer Keylogger, Backdoor.Cobalt, Netwire RAT, and the malicious DLL and driver for killing processes during their activity, along with "multiple other unknown files," the researchers wrote.

Some of the tools — such as GuLoader — were deployed across all three victims; other activity linking the three victims included the use of the same .NET downloader, malicious driver, and at least one overlapping transfer\[.\]sh URL, they said.

Researchers observed the last activity on the compromised network in September; however, the Ngrok tunneling tool remained on the network until November, they said.

****How Enterprises Can Respond****

Since Bluebottle uses mainly commodity RATs and other malware in its activity, enterprises can mitigate attacks from this threat group by ensuring they have good endpoint protection against such threats, Segura says.

"Furthermore, an extended detection and response solution should also help detect their abuse of living off the land tools like PsExec during attempted lateral movement," he says.

Since Bluebottle typically goes after credentials immediately in its attacks for financial gain, multifactor authentication can also go a long way in helping enterprises protect accounts and monitor for suspicious account activity, Segura says.

Other steps enterprises can take to counter activity from Bluebottle specifically include allowing applications that "will help prevent the malicious use of dual-use tools like Ngrok, which they use for hiding their presence," he says.

"Finally, training employees to look out for phishing and other malicious emails is going to be crucial to prevent a group like this from intruding in the first place," Segura adds.

**

Bluebottle Continues Bank Heist Assault With Signed Malware

Security teams may be missing targeted attacks and advanced exploits if attackers are using evasive techniques to avoid detection. Defenders need to up their game.

Attackers today combine state-of-the-art obfuscation and adaptive environment-specific features to avoid detection by traditional malware analysis systems. If your security team is relying on legacy approaches, like traditional sandboxing, to scan files entering your network, they may miss these dangerous exploits targeting your organization. If your security teams are spending their time with easy-to-detect, common vulnerabilities and not on the targeted attacks, they are exposing your organization to unnecessary risk from cybercriminals.

Nothing about this pattern is new: Researchers develop new anti-malware technology to detect malware attacks. Cybercriminals adapt their malware variants to avoid detection. And the cycle continues.

Attackers are adopting techniques, such as machine fingerprinting and geofencing, where they use information about the victim's application stack and system environments to compromise systems.

**Gotta Catch 'Em All: Geofencing**

There are many ways for malware to get on a victim's machine. Once there, some malware variants remain dormant if the victim's machine or network is not in a specific country. That comes courtesy of geofencing.

The malware looks up the external IP address geographic region via an external database or service and checks whether the device is located in the target region. If the device's geographic location is in a region of interest, the malware detonates. It may install a second-stage malware; steal useful information, such as administrator credentials; exfiltrate data to a system controlled by criminals; and remove all traces of its activity on the machine.

Attackers add geofencing features to malware for many reasons. It may be easier to evade detection by locations with strong security postures. Sometimes they don't want to infect networks in their home countries, where they could face prosecution. Savvy criminals target wealthy countries inhabited by trusting folks who are more likely to open documents and pay ransom. Or they may know that business leaders in a specific region rely on weak defensive postures or are less likely to use two-factor authentication.

One example of a region–specific attack: The South Korean government widely uses the Hangul Word Processor (HWP). North Korean attackers write malware in Hangul to penetrate critical government systems. Trying to use this malware to compromise US government employees, however, would be a waste of resources.

**Finding the Golden Image: Fingerprinting**

Malware authors rely on diverse fingerprinting techniques to determine whether machines are susceptible to their attack chains. Fingerprinting helps malware avoid detection by appearing harmless to antivirus technologies.

The malware remains dormant on the victim's machine unless the environment meets predefined conditions — such as having a specific application installed or certain configuration settings enabled. Attackers also use fingerprinting techniques to figure out whether the compromised system is actually a virtual machine using a preconfigured, out-of-the-box or initial install image. If that is the case, the malware does not detonate.

**What Adaptive and Dynamic Analysis Looks Like**

Traditional sandboxes may not detect advanced malware or targeted zero-day attacks if the attacker is using techniques such as geofencing or fingerprinting. For example, malware that uses geofencing must look up IP addresses to determine its geographic location. In contrast, adaptive dynamic analysis technology can help detect very specific, targeted attacks because it can detect and automatically bypass environment and anti-analysis checks. 

Adaptive analysis performs execution only of instructions related to the malware, as opposed to traditional sandboxes, which are fully virtualized operating systems executing instructions of every service and application on the system. As a result, the total resource utilization for adaptive analysis is significantly lower. Being able to extract intelligence in the form of indicators of compromise (IOCs) enables threat hunting, proactive self-defense improvements, and threat actor attribution.

Threat Actors Evade Detection Through Geofencing & Fingerprinting

**WILKES-BARRE, Pa.****,** **Jan. 5, 2023** **/PRNewswire/ --** Maternal & Family Health Services ("MFHS"), a private non-profit health and human services organization serving Northeastern Pennsylvania, announced today that the organization was the victim of a sophisticated ransomware incident that may have resulted in the inadvertent exposure of sensitive information to an unauthorized individual.  MFHS began notifying potentially affected individuals, including certain current and former employees, patients, and vendors, on January 3, 2023.

On April 4, 2022, MFHS experienced a ransomware incident. Upon learning this, MFHS immediately engaged specialized third-party forensic incident response firms to assist with securing the organization's systems. The firms conducted a forensic investigation to determine the extent of any unauthorized activity and identify what data may have been compromised.  During the course of the investigation, it was determined that elements of personal information of certain individuals may have been compromised.  This personal information included, and potentially was not limited to: names, addresses, dates of birth, Social Security numbers, driver's license numbers, financial account/payment card information, usernames and passwords, medical information and/or health insurance information.  The investigation also found that while MFHS was alerted to the ransomware event on April 4, 2022, the unauthorized access to the organization's systems occurred between August 21, 2021 and April 4, 2022.  MFHS does not have any evidence that any personal information has been misused as a result of this incident. 

Beginning on January 3, 2023, MFHS issued letters to potentially impacted individuals.  The letters include information about the incident and steps that individuals can take to protect their personal information such as the implementation of fraud alerts and security freezes. MFHS is also offering complimentary credit monitoring and identity theft protection services to individuals whose Social Security number and/or financial account/payment card information may have been involved in the incident.

"Maternal & Family Health Services takes the protection our patients' and employees' personal information seriously," said Maria Montoro Edwards, Ph.D., President & CEO of Maternal & Family Health Services.  "We understand the inconvenience or concern this incident may cause and are committed to strengthening our systems' security to prevent this kind of incident from happening again."

MFHS has also launched a dedicated phone hotline for individuals with questions about the incident. Call center representatives are available at (833) 896-7339, Monday through Friday from 9:00 am – 9:00 pm Eastern Time.

**About Maternal & Family Health Services:**

Founded in 1971, MFHS is a private, non-profit health and human services organization that works to meet the health and nutrition needs of Northeastern Pennsylvania's women, children, and families with information, education, and quality care.  MFHS oversees and supports a network of health and nutrition centers in 17 Pennsylvania counties, serving over 90,000 women, men, and children annually.

Maternal & Family Health Services Issues Notice Of Cybersecurity Incident

**WASHINGTON, DC January 5, 2023 –** DirectTrust and the Electronic Healthcare Network Accreditation Commission (EHNAC) today announced the completion of their previously announced merger, effective January 4, 2023. Moving forward, DirectTrust, combined with EHNAC’s accreditation expertise, will create new opportunities for trust and assurance in the healthcare industry – including bringing to fruition new accreditation programs like consumer access and use of health data.

DirectTrust is a non-profit healthcare industry alliance created to support secure, identity-verified electronic exchanges of protected health information. EHNAC is a non-profit standards development organization and accrediting body for organizations that electronically exchange healthcare data.

“We’re excited to officially welcome EHNAC’s team of experts and assessors to the DirectTrust family. The completion of this merger significantly strengthens our accreditation capabilities, in particular for our members who will experience an improved and streamlined accreditation process,” said Scott Stuewe, DirectTrust President and CEO. “However, the impact of this merger will reverberate well beyond our members. This move further supports trust and security in nationwide trust frameworks and networks throughout the healthcare ecosystem as we strive to become the nation’s premier healthcare-focused accreditation, standards development, and technical trust partner.”

EHNAC senior leaders Executive Director and CEO Lee Barrett and COO Debra Hopkinson, long-standing pillars of the health IT trust and accreditation communities, will continue to work for and consult with DirectTrust as Commission Executive Director and Executive Advisor, respectively. EHNAC staff members and assessors will also join DirectTrust. Additionally, the EHNAC Commission will remain intact and be designated as Commissioners overseeing accreditation-specific matters. The DirectTrust Board of Directors will continue as is.

“Now officially part of DirectTrust, we look forward to strengthening our longstanding commitment to helping maintain patient and provider confidence in data-sharing networks and reducing cyber exposure throughout the industry,” said Lee Barrett, Commission Executive Director. “While TEFCA continues its presence as a driving force towards interoperability, accreditation and certification will continue to play a critical role to promote adherence to standards and best practices while protecting patient data and assuring stakeholder trust. We look forward to providing further opportunity for members and accredited organizations to comply with the ever-evolving legislative and regulatory revisions impacting the way health information is shared.”

Additional information, including FAQs, about the DirectTrust-EHNAC merger may be found at https://bit.ly/DTEHNAC.

**About DirectTrust**

DirectTrust™ is a non-profit, vendor-neutral alliance dedicated to instilling trust in the exchange of health data. The organization serves as a forum for a consensus-driven community focused on health communication, an American National Standards Institute (ANSI) standards development organization, an accreditation and certification body through EHNAC (the Electronic Healthcare Network Accreditation Commission), and developer of trust frameworks and supportive services for secure information exchange like Direct Secure Messaging and trusted, compliant document submission.

The goal of DirectTrust is to develop, promote, and, as necessary, help enforce the rules and best practices necessary to maintain privacy, security, and trust for stakeholders across and beyond healthcare. In addition, DirectTrust is committed to fostering widespread public confidence in the interoperable exchange of health information while promoting quality service, innovation, cooperation, and open competition in healthcare. To learn more, visit: DirectTrust.org.

DirectTrust and EHNAC Announce Closing Of Merger

**CAMPBELL, Calif.****,** **Jan. 5, 2023** **/PRNewswire/ --** iCoin Technology, a U.S. based manufacturer of modern crypto hardware wallets, announced today that it will be adding a secure messaging feature to their existing hardware wallet system for cryptocurrency

"One of the problems with existing secure messaging platforms is that they rely on central severs to control message flow and storage.  These central severs can be compromised by external or internal threats, including password reset requests.  Also, the smartphones or laptops that are used as message endpoints are network connected devices and run multiple applications - which can also expose the messages to attacks.  By encrypting and decrypting the messages only on a cold device, like the iCoin hardware wallet, can the users be sure that no one can intercept and read the messages between the sender and receiver." - Chet Silvestri, CEO, iCoin Technology

The iCoin hardware wallet is a cold device which is never directly connected to a network.  The encryption keys are created and stored only within the hardware wallet and can never be extracted.  The messages are directly entered into the hardware wallet and encrypted before ever leaving the wallet.  The pre-encrypted messages can then be sent over public messaging systems and are tamperproof.

The Secure Messaging feature will be integrated into the iCoin hardware wallet beginning in April 2023 and will also available as a no-cost firmware upgrade for existing iCoin hardware wallet owners at the same time.

"My quote from decades ago of "You have no privacy. Get over it!" has certainly stood the test of time.  But we can and must try to fight back.  The iCoin hardware encrypted secure messaging system will allow users to regain some control of their privacy when it comes to personal communications.   Both Enterprises and Consumers can now use the iCoin system to bring a new level of security to internet-based communication." - Scott McNealy, former CEO and Founder, Sun Microsystems, Inc.

**About iCoin Technology**

Headquartered in Silicon Valley, iCoin Technology is a pioneer of a new class of hardware wallets for the digital economy, blending consumer-grade ease-of-use with industrial-strength security.

Learn more at https://www.icointechnology.com/ or follow us on Linkedin, twitter, or Instagram.

SOURCE iCoin Technology

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

US Based ICOIN Technology Announces Secure Messaging Solution Using Hardware Wallet Encryption

Amid escalating cyber activity, two separate cybersecurity frameworks are targeting the satellite arena, highlighting the ease in attacking the infrastructure and the difficulty in defending it.

With cyberattacks becoming a reality against the space sector's infrastructure in 2022, two groups are aiming to get ahead of future attacks by creating framework initiatives.

The goal of the frameworks is to better understand not only potential threats — in terms of the traditional tactics, techniques, and procedures (TTPs) applied to the space sector — but also to help companies and government agencies create countermeasures against attacks targeting satellites and spacecraft.

On Jan. 3, the US National Institute of Standards and Technology (NIST) and the MITRE Corp., which is also a government contractor, released a version of the NIST Cybersecurity Framework tailored to the ground-based portion of the space sector. The NIST publication complements another effort by nonprofit government contractor The Aerospace Corp., which created in October the Space Attack Research and Tactics Analysis (Sparta) matrix, a version of the MITRE ATT&CK framework applied to threats against space-based infrastructure.

**Cyberattacks Are Now Targeting Satellites**

Early in 2022, the FBI and CISA warned that attacks against satellite ground-based and space-based infrastructure could become a reality — and it soon did. The year saw nation-state operations targeting Viasat and SpaceX's Starlink satellites, and forcing governments and aerospace companies to create defenses against the attacks.

In the early days of Russia's invasion of Ukraine, for example, Russia-aligned hackers targeted the ground-based segment of Viasat's satellite communications network, taking Internet modems offline throughout Europe. Soon after, Russia also targeted the distributed satellite Internet service Starlink, according to government officials and SpaceX CEO Elon Musk, which has been critical for providing the Ukraine war effort with Internet connectivity.

"Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but \[attackers are\] ramping up their efforts," Musk stated on Twitter last May.

In November, Starlink was in the crosshairs again, with Russia-linked Killnet APT targeting it with a DDoS campaign that made the service inaccessible for several hours.

As a corollary, satellites have also become proposed targets of non-cyberattacks as well. In the most recent example, Chinese researchers proposed a 10 megaton nuclear blast 50 miles from the Earth's surface as a way to disable Starlink satellites that pass through the radioactive cloud.

**Computers, Not Lost in Space**

Cyberattackers in this arena are far more likely to be advanced persistent threats (APTs) sponsored by nation-states — often looking to disable satellites and spacecraft. But much of today's ground-based satellite infrastructure uses common computer and communications technologies, which could open the door to other players.

The similarities allow attackers to more easily exploit the systems underpinning satellite systems, while the complex supply chain makes the infrastructure easier to attack, Neil Sherwin-Peddie, head of space security for defense and government contractor BAE Systems Digital Intelligence, stated in a recent column for Dark Reading_._

"Satellites are effectively just platforms with embedded systems and interfaces, including radio communications, telemetry tracking control systems, and ground segment connections," he wrote. "These are all essentially enterprise networks, but that also makes them avenues of opportunity for cybercriminals."

The attack on Viasat consisted of two components and underscores that known attack methods can be tailored to ground-based and space-based satellite systems.

First, the attackers exploited "a misconfiguration in a VPN appliance to gain remote access" to the ground-based network, according to a Viasat advisory. The attackers then discovered and compromised the management network for the satellite network and issued commands to the ground-based modems.

"Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable," the company stated.

These commands performed functions similar to a wiper attack, overwriting critical data to disrupt operations, a common approach in cyber-physical attacks, according to a subsequent analysis performed by independent cybersecurity researcher Ruben Santamarta.

New attack vectors are looming for the future, as well. 

"We will see more automation on the spacecraft, and therefore we will need more on-board autonomous cyber protection," says Brandon Bailey, a senior project leader for the Cyber Assessments and Research Department at The Aerospace Corp. "This means integrating items like segmentation, authentication, encryption, and intrusion detection \[and\] prevention on-board the spacecraft will be a must in the future."

**Frameworks Cover Both Ground & Space**

The NIST Cybersecurity Framework for the Satellite Ground Segment (NIST-IR-8401) builds on a common approach to cyber-defense that includes five major functions: the identification of assets and their cyber-risks, the development of technologies and procedures to protect those assets, the capability to detect attacks, the infrastructure needed to respond to any incident, and the ability to recover from attacks.

"The ground segment is becoming more interconnected and cloud-based ground infrastructures, however legacy space operations and the space vehicles themselves use custom software and hardware that was not generally created to be part of a modern highly interconnected cyber-ecosystem," NIST-IR-8401 states. "This can be especially problematic with legacy components that may have been created prior to the development of security best practices or that use obsolete security measures."

The Sparta framework aims to cover cyberattacks on the space-based components, such as satellites, spacecraft and other systems. The framework will grow and change as the field evolves and the TTPs used by attackers change, says Bailey of The Aerospace Corp.

"Cyber on the spacecraft side is relatively new field; therefore, as vulnerabilities — like PCSpoof — are disclosed, we will add TTPs and countermeasures," he says. "We also intend on working with the Space ISAC, and as it matures ... we will incorporate threat information and TTPs that are identified."

Space Race: Defenses Emerge as Satellite-Focused Cyberattacks Ramp Up

**SANTA CLARA, Calif.****,** **Jan. 5, 2023** **/PRNewswire/ --** Netskope, a leader in Secure Access Service Edge (SASE), on the heels of its recognition as Cloud Security Services Vendor of the Year, its sixth straight ranking on the Forbes Cloud 100 list of top cloud companies, and its recognition as a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE), today announced an oversubscribed investment round of $401M.

The partners for this oversubscribed convertible note investment were four of the world's premier investors. The financing was led by investment funds managed by Morgan Stanley Tactical Value, with participation from Goldman Sachs Asset Management, Ontario Teachers' Pension Plan, and CPP Investments. Netskope plans to extend its technology and platform advantages and market reach through continued innovative worldwide platform development and expansion of strategic go-to-market activities, underscoring its leadership and momentum in what leading analysts estimate to be the $36 billion market opportunity for SASE by 2025.

This financing marks the latest among many recent business and financial milestones for Netskope and serves as another strong validation and indicator of the continued momentum and adoption of the company's vision, team, products, culture, and market opportunity. 

**Securing Modern Cloud Networks** 

As hybrid and remote work has become the new reality, and the use of the cloud accelerates, enterprises of all sizes need to transform their network and data security strategy and architecture. As a result, they are rapidly adopting SASE as a foundational part of their zero trust strategy, to safeguard data, support digital transformation efforts, and realize better efficiency by addressing security and networking challenges through a unified architecture. In addition, enterprises are increasingly seeking SASE capabilities from fewer sources to reduce vendor and tool sprawl. Gartner notes1 that, "by 2025, 65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021."

The Netskope converged SASE platform includes Netskope's industry-leading Intelligent Security Service Edge (SSE) and Borderless SD-WAN technologies, all of which are crucial to providing the optimized access and zero trust-based security required in a modern networking and security technology stack. Netskope today is one of only a few providers of single-vendor SASE. It is also the only SASE provider recognized as a representative vendor in the 2022 Gartner Market Guide to Single Vendor SASE that also appears as a Leader in the 2022 Gartner Magic Quadrant for Security Service Edge. 

"Our vision from day one was that traditional network and security perimeters would transform, with users, data, and devices moving outside the confines of corporate network perimeters and requiring a new approach to security," said Sanjay Beri, Netskope CEO and co-founder. "With a cloud-first, data-first, and customer-centric philosophy, we built a market-leading SASE platform and one of the world's fastest and most-connected security cloud networks. We have enabled enterprises everywhere to allow their users to be mobile, efficient, and flexible while securing them and the data and applications they access, whether they are in the cloud, on the web, or are private applications on-prem and beyond. We are very proud of the team members, customers, industry luminaries, and existing and new partners announced today who are helping to enable Netskope's journey and secure the journey of all enterprises worldwide."

Over the past 12 months, Netskope has broadened its market reach in the following ways:

*   **Increased Customer Base** – to more than 2,400 total customers worldwide, including over 25 of the Fortune 100, and across all verticals including financial services, healthcare, retail, telecommunications, manufacturing, government, high tech, and beyond.
*   **Expanded SASE Platform** – through organic development of new endpoint data loss prevention, advanced cloud firewall, and zero trust network access products, as well as strategic acquisitions of WootCloud and Infiot to serve as core technology components of Netskope's innovative IoT Security and Borderless SD-WAN modules, respectively.
*   **Growing Patent Portfolio** – more than 100 global patents awarded to Netskope inventors, in data loss prevention, AI/ML, threat prevention, high speed cloud networking, and other strategic technology categories.
*   **Continued Expansion of NewEdge security private cloud** – now powered by full-compute data centers in more than 60 regions worldwide. Every Netskope NewEdge data center is accessible to every customer, with all Netskope SASE services available, providing low latency and high-performing infrastructure, and backed by industry-leading Service Level Agreements.
*   **New and Enhanced Go-to-Market Partnerships** – with some of the world's best-known cloud platform, service provider and systems integrator brands, including Orange, Deloitte, Telefonica, KPN, AWS, Google Cloud, CrowdStrike, Mimecast, Okta, and others which expand Netskope's global reach and ability to capture market share.
*   **Increased Corporate Footprint** – to more than 2,500 team members, active in over 40 countries, with open roles across teams and regions. In 2022, Netskope also enhanced its seasoned executive team with leaders from Salesforce, AWS, Cisco, Palo Alto Networks and others joining Netskope.
*   **Industry Recognition:** Recent Netskope highlights also include product, customer, and industry recognition, including:

*   Won 2022 CRN Cloud Services Vendor of the Year award
*   Won Best SASE Solution and Most Promising Unicorn awards from SC Media
*   Ranked among the highest two solutions for every single use case in the 2022 Gartner Critical Capabilities for Security Service Edge report
*   Named a Leader in the IDC Marketscape for Cloud Security Gateways
*   Awarded one of the first U.S. Federal Civilian Government SASE Contracts, led by the United States Patent and Trademark Office
*   Named for a sixth time to the Forbes Cloud 100, as one of only four security vendors to rank in the Top 50
*   Achieved best-in-class employer brand and employee experience ratings from Glassdoor
*   Achieved a Silver Medal from EcoVadis, highlighting commitment to ESG and business sustainability

"Cloud migration—and securing this modern network—represents one of the most significant and transformative technology shifts in decades," said Pedro Teixeira, managing director of Morgan Stanley and Co-Head of Morgan Stanley's Tactical Value Investing Team. "We seek to invest in high-quality companies that are driving their markets today and into the future.  Netskope epitomizes this, with its innovative SASE vision and solid execution, a robust platform with significant monetization ahead of it, a large global customer base, and defensible market leadership. We look forward to partnering with the team as they strive to realize the significant opportunity that lies ahead."

**Legal Notices**

Morgan Stanley & Co. LLC served as the sole placement agent for the note offering. Pillsbury Winthrop Shaw Pittman LLP served as Netskope's legal counsel and Latham & Watkins LLP served as Morgan Stanley Tactical Value's counsel. J Wood Capital Advisors LLC acted as financial advisor to Netskope.

This press release does not constitute an offer to sell, or a solicitation of an offer to buy, any securities of Netskope.  The securities referenced herein have not been registered under the Securities Act of 1933, as amended, and may not be offered or sold in the United States absent registration or an applicable exemption from such registration requirements.

**Gartner Disclaimer**

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

**About Netskope**

Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Netskope Receives $401M In New Funding

Collaboration across all business units is key to building a robust cybersecurity program.

The shift to remote and hybrid work, a rise in IT outsourcing, and the commercialization of cybercrime have created a heightened threat landscape in which no organization is bulletproof. And in 2022, the global average cost of a data breach reached an all-time high of $4.35 million — so if cybersecurity isn't a priority when it comes to your organization's financial planning, it's time to make it one.

**Today's Threat Landscape Requires All Hands on Deck****

Modern organizations have vast supplier ecosystems of third-party vendors — and that means increased access to organizations' data and IT infrastructures. Although the growth of IT connectedness helps enterprises scale and meet business objectives, it also creates more opportunities to exploit vulnerabilities in the software supply chain.

Attacks on a third-party vendor's software negatively impact both the organization and its customers. Since customers often share sensitive data with third parties, it's critical for vendors to maintain strong security programs consistent with industry standards and regulatory requirements. But it's not just vendors who need to prioritize cybersecurity.

Cybercrime has financial consequences in the form of regulatory fines, ransom payments, and data recovery costs. Consumer trust also declines by an average of 67% after a data breach. Simply put, there's too much at stake to let cybersecurity planning sit on the backburner.

With organizational spend under greater scrutiny, it can be difficult to justify increased spending in any area of the business, cybersecurity included. But in reality, an economic downturn doesn't mean a downtick in cybercrime — data breaches climbed 167% from the second quarter to the third quarter of 2022.

****Enhance Cybersecurity Through Strategic Partnerships****

As cyberattacks continue to grow in frequency and severity, executives and decision-makers across industries have become more informed about cybercrime and the need for increased investment to mitigate it.

Collaboration between chief information security officers (CISOs) and business executives is crucial to building a robust cybersecurity program. These teams can leverage their respective skill sets to ensure alignment between cybersecurity initiatives and business objectives, more accurately measure the return on investment (ROI) of cybersecurity programs, and help make cybersecurity spending a priority.

With these best practices, security leaders can cultivate a strategic and collaborative partnership across all business units:

**Understand business shifts.** CISOs need to work together with the business to determine the most effective way to balance risk versus expense. Formalized processes should exist to engage the CISO and other key stakeholders about shifts in technology, locations, or the types of data being processed.

Additionally, regular communication between CISOs and other leaders can help them better understand each other's pain points and objectives. Through these conversations, security leaders can ensure their financial and business counterparts have the necessary context to respond to budget requests and initiatives.

**Leverage expertise to educate.** CISOs are responsible for educating organizational leaders about security risks and how to implement cost-effective controls to mitigate them. A potential recession is creating pressure for leaders to reduce spending, but experts anticipate global cybercrime costs to continue climbing. So while cybersecurity investments may present costs upfront, they pale in comparison to the financial and reputational risks of a data breach or cybersecurity incident.

Technologies and services like cloud-based vulnerability management platforms, third-party penetration testing, patch management and endpoint protection are critical in protecting the organization's data. It's up to security leaders to communicate the value of these tools, their benefits, and how they meet the needs of the business. Security leaders can speak the language of the business by focusing on outcomes and ROI rather than getting in the weeds on technical details.

The goal of establishing a solid relationship between CISOs and business leaders isn't to secure a blank check for cybersecurity spending. Instead, through regular communication and collaboration, they can work together to strike a balance between risk and expense, and determine where to allocate resources for effective cyber-threat mitigation. As a result, cybersecurity can remain a priority during budget planning and the entire organization can reap the benefits of increased customer trust and secure data.

**

How to Ensure Cybersecurity Investments Remain a Priority Across Your Organization

**DALLAS****,** **Jan. 5, 2023** **/PRNewswire/ --** Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has established CTOne, a new Trend Micro subsidiary focused on advancing 5G network security and beyond. The group's intellectual capital and leadership come from Trend Micro's culture of innovation and is the latest incubation project to launch as a standalone business.

_To learn more about CTOne's private 5G network solutions, please visit:_ https://www.ctone.com

Eva Chen**, CEO of Trend Micro:** "Trend Micro has been at the forefront of network transformations for over three decades. The 5G network technology has enabled new capabilities and applications requiring new cybersecurity infrastructure. With our foresight and over six years of dedicated research into network technology, we are confident that CTOne will safeguard organizations in all 5G network environments."

Organizations need to integrate resources to combat emerging threats in the private 5G networks more effectively. By pre-deploying a security net, CTOne strengthens the digital resilience of vertical application fields and provides security for landing applications in private 5G network environments and achieving comprehensive protection from network to endpoint.

Low latency, large bandwidth, and high-density capabilities have accelerated many organizations to adopt private 5G networks. According to a Grand View Research report\*, the global private 5G network market size was valued at USD 1.38 billion in 2021 and is expected to expand at a compound annual growth rate of 49% in the next year. Private 5G networks are usually considered the most secure wireless communications standard. However, with the widely used Open Radio Access (O-RAN) structure, the proliferation of cloud networks, open-source software, and the variety of IoT devices, the 5G environment faces more cyber threats than ever.

Jason Huang**, CEO of CTOne:** "Safety today doesn't guarantee Safety tomorrow. While the communications technology market is booming, business operations are facing exposure to more complex risks. CTOne enables enterprises to secure private 5G networks against potential cyberattacks and build a high-quality industrial application ecosystem. In the future, we will collaborate with partners to maximize the advantages of private 5G with comprehensive security solutions."

In addition to private 5G network end-to-end security solutions, CTOne is also developing O-RAN and edge computing security solutions to assist enterprises in mitigating cyber risk when deploying related technologies.

\* Private 5G Network Market Size, Share & Trends Analysis Report By Component (Hardware, Software, Services), By Frequency (Sub-6 GHz, mmWave), By Spectrum, By Vertical, By Region, And Segment Forecasts, 2022 – 2030, Grand View Research

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.trendmicro.com.

**About CTOne**

CTOne, a global cybersecurity leader in communication technology, offers enterprise cybersecurity solutions for next-generation wireless networks. A subsidiary of Trend Micro, CTOne enables digital transformation and strengthens the resilience of communication technology. https://www.ctone.com

SOURCE Trend Micro Incorporated

Trend Micro Announces New Subsidiary for 5G Cybersecurity

The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update.

Managed cloud hosting services company Rackspace Technology has confirmed that the massive Dec. 2 ransomware attack that disrupted email services for thousands of its small-to-midsized business customers came via a zero-day exploit against a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server, aka CVE-2022-41080.

"We are now highly confident that the root cause in this case pertains to a zero-day exploit associated with CVE-2022-41080," Karen O'Reilly-Smith, chief security officer for Rackspace, told Dark Reading in an email response. "Microsoft disclosed CVE-2022-41080 as a privilege escalation vulnerability and did not include notes for being part of a remote code execution chain that was exploitable."

CVE-2022-41080 is a bug that Microsoft patched in November. 

An external advisor to Rackspace told Dark Reading that Rackspace had held off on applying the ProxyNotShell patch amid concerns over reports that it caused "authentication errors" that the company feared could take down its Exchange Servers. Rackspace had previously implemented Microsoft's recommended mitigations for the vulnerabilities, which Microsoft had deemed a way to thwart the attacks.

Rackspace hired CrowdStrike to help with its breach investigation, and the security firm shared its findings in a blog post detailing how the Play ransomware group was employing a new technique to trigger the next-stage ProxyNotShell RCE flaw known as CVE-2022-41082 using CVE-2022-41080. CrowdStrike's post did not name Rackspace at the time, but the company's external advisor tells Dark Reading that the research about Play's mitigation bypass method was the result of CrowdStrike's investigation into the attack on the hosting services provider.

Microsoft told Dark Reading last month that while the attack bypasses previously issued ProxyNotShell mitigations, it does not bypass the actual patch itself.   

Patching is the answer if you can do it," the external advisor says, noting that the company had seriously weighed the risk of applying the patch at a time when the mitigations were said to be effective and the patch came with risk of taking down its servers. "They evaluated, considered and weighed \[the risk\] they knew about" at that time, the external advisor says. The company still hasn't applied the patch since the servers remain down. 

A Rackspace spokesperson would not comment on whether Rackspace had paid the ransomware attackers.  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading