ThreatLabZ uncovers attacks that target WordPress vulnerabilities and job-seekers in August
As cybersecurity stewards of the Zscaler Zero Trust Exchange, the ThreatLabZ team led by CISO and VP Security Research & Operations Deepen Desai oversees more than 120 billion data transactions per day. That gives ThreatLabZ researchers a unique, front-row view of new and subversive cyber activities threatening the global community of internet users. In August, ThreatLabZ researchers discovered, deconstructed, documented, and blocked new attacks that:
- Tricked job-searchers into providing LinkedIn account credentials on a seemingly credible yet malicious website.
- Exploited unpatched WordPress instances to redirect site visitors to an information-stealing website.
- Distributed a new Russian-hacking-group-developed infostealer called PurpleWave that harvests client-stored credentials, auto-fill data, credit-card info, cookies, and browser histories.
- Targeted fans of two African soccer clubs via spyware-embedded Android apps.
To learn more about the threats Zscaler discovered last month, read Deepen’s blog on the latest August 2020 ThreatLabZ research.
As companies move infrastructure, software, and assets to the cloud, cybercriminals are shifting tactics to follow them. For companies still employing legacy “castle-and-moat” cybersecurity, the necessary (and often overdue) move to the cloud extends the threat surface. But preserving perimeter security becomes untenable when data traverses the open internet. Hackers know this and target enterprises still trying to defend networks with legacy hardware appliances.
A SASE architecture employing Zero Trust security principles secures data traffic for the new cloud-first, work-from-anywhere (WFA), device-agnostic enterprise. The Zscaler Zero Trust Exchange exemplifies the SASE architecture and Zero Trust best practices. Its identity-based authentication model leverages SSL inspection, cloud firewall, DLP, CSBM, and CASB technologies to block new threats. The Zscaler Zero Trust Exchange is the largest cloud security platform in the world, processing more than 120 billion transactions daily and detecting about 100 million threats per day from users across 185 countries. Zscaler customers benefit from a (massive) threat-prevention "cloud effect": A cyber attack countered for one Zscaler user is immediately blocked for every Zscaler user worldwide.
Using its extensive monitoring of the global Zscaler Zero Trust Exchange, the ThreatLabZ team produces the Global Internet Threats Insights dynamic dashboard. For more information on Zscaler ThreatLabZ cybersecurity research, check out published reports here.
Program/Project Manager --- deliver with delight!
(4 years ago) Hackers will move in the direction of migration and where resources are committed and needed - Cloud is the obvious choice, public, private, hybrid, perimeter (networking), ecommerce (web commerce), mail (communication), SSO infrastructures. Constant risk assessment is needed and architecture hardened to prevent penetration. The vendor with a differentiated USP shall win the dollars from the customer. Great work by Jay/team ZScaler!!
Account Executive - SLED
(4 years ago) Threatlabz is one of the key assets of Zscaler. I wish we did a weekly newsletter of the key new findings as Threatlabz is a phenomenal resource.
... and the best thing is that this threat intelligence plus countermeasure implementation comes all 'out of the box' when you have implemented Zscaler Internet Access. What a new world and a calming thought for CXO.