News in the Channel - issue #16


remote encryption and targeting managed service providers. Between 2022 and 2023, the number of ransomware attacks that involved remote encryption – when attackers use an unmanaged device on organisations’ networks to encrypt files on other systems in the network – increased by 62%. In addition, this past year, Sophos’ Managed Detection and Response team responded to five cases involving small businesses that were attacked through an exploit in their MSPs’ remote monitoring and management software.

Following ransomware, business email compromise (BEC) attacks were the second highest type of attacks that Sophos IR handled in 2023, according to Sophos’ report. These BEC attacks and other social engineering campaigns contain an increasing level of sophistication. Rather than simply sending an email with a malicious attachment, attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth or even calling them. To evade detection by traditional spam prevention tools, attackers are now experimenting with new formats for their malicious content, embedding images that contain the malicious code or sending malicious attachments in OneNote or archive formats. In one case Sophos investigated, the attackers sent a PDF document with a blurry, unreadable thumbnail of an ‘invoice.’ The download button contained a link to a malicious website.

Netskope and Egress launch new partnership

Egress, a provider of adaptive cloud email security, has announced a partnership with Netskope, a Secure Access Service Edge (SASE) provider, to enhance behavioural-based threat detection and response. The partnership enables Egress to aggregate Netskope’s User Confidence Index (UCI) as part of its Human Risk Management solution. Netskope’s AI/ML-derived UCI output is combined with threat intelligence sourced from the Egress platform and an organisation’s wider cybersecurity ecosystem to generate holistic human risk scores for each individual user.

Netskope’s AI/ML capabilities provide per-user behaviour analytics that correlate multiple, disparate activities to detect the anomalies that indicate insider threats, compromised accounts and devices, lateral movement, data exfiltration and advanced persistent threats across organisations’ cloud-hosted platforms and applications. By consuming the UCI risk score through native API integration, Egress will now leverage Netskope’s live behaviour analytics as part of its adaptive security architecture, which automates personalised inbound and outbound email security controls based on real-time human risk telemetry.

This integration is immediately available for all joint customers, who can benefit from:

- Centralised threat intelligence that surfaces meaningful insights from the Netskope One platform to Egress Human Risk Management, elevating threat hunting capabilities and dramatically reducing time to response
- Improved detection of suspicious user activity to automate defenses against advanced inbound and outbound email threats
- No administrative burden from real-time policy management that dynamically adjusts according to everyone’s risk score via an adaptive security architecture.

“With the rapid adoption of cloud platforms and applications, organisations have struggled to contain cyberattacks and insider threats,” said Tony Pepper, CEO of Egress. “Every part of an organisation’s technology ecosystem presents risk – with email at the top of the list as the riskiest application. By combining the deep behavioural analytics generated by Netskope and Egress, joint customers will benefit from unprecedented visibility into human risk and automated defenses that eliminate advanced email threats, tailored to each individual employee.”

David Willis, vice president, technology alliances at Netskope, added: “Behavioural patterns can disclose indicators of compromise within every platform and application. Enterprises are vulnerable to employees falling victim to inbound email attacks, making cybersecurity mistakes, and knowingly or unknowingly exfiltrating data. [This] announcement marks an exciting development for joint Netskope and Egress customers, who can now enhance their human risk scoring using Netskope One insights and continuously extend their behavioural-based threat detection and response across their cloud environments.”


