Netskope Threat Labs: 66% of Attributable Malware Comes from State-Funded Attack Groups
North Korea Currently Accounts for the Largest Share of Attributed Malware Attacks, Followed by China and Russia
New data released by Netskope Threat Labs has found that, over the past 12 months, 66% of the attributable malware targeted at its customers was linked to state-funded attack groups.
The largest share of malware attacks, according to Netskope Threat Labs, came from North Korean threat groups, with Chinese and Russian groups as second and third most prevalent. A growing number of attacks use cloud applications as a point of entry and exfiltration.
The research also reveals that the differing strategic objectives of North Korea, China, and Russia drive very different approaches to cyberattacks, leading to their widely varying “market share” in the threat landscape.
Netskope Threat Labs Finds Different Targets, Different Objectives
Currently, North Korea accounts for the largest share of malware attacks globally. Unlike Russia and China, North Korea’s campaigns are primarily financially motivated, leveraging cybercrime and cryptocurrency theft to fund military programmes. As a result, it targets non-specific population groups in its quest to maximise profits.
In contrast, Russia and China direct cyberattacks at their global adversaries’ critical infrastructure and high-value targets to cause targeted but high-impact disruption and damage. This means that Russia and China’s share of overall malware attacks is smaller, but the national impact of their attacks has the potential to be more disruptive.
Commenting on Netskope Threat Labs’ recent findings, Sanjay Beri, CEO and Co-Founder of Netskope, said: “There is no doubt that we are witnessing a global escalation of cyberattacks carried out by nation state actors as a form of ‘quiet war’ on nation states that are currently officially at peace.”
He added: “Under the surface of this worldwide escalation is a varied picture of different states pursuing widely divergent cyberattack strategies. The difference between North Korea’s cyber ‘carpet bombing’ and Russia’s ‘precision strikes’ means that if you’ve fallen victim to an online phishing attack, it’s unlikely that Russian government-backed actors were the cause. If, however, a critical piece of national infrastructure is down, then it’s more likely that they are.”
Beri further pointed out: “Understanding these nuances is critical for businesses and individuals operating in today’s connected world – because the first and most important step in putting in place the best cyber defence strategy is understanding who is targeting you, what their goals are, and how they’re trying to achieve them.”
Cloud Becomes a Prevalent Attack Vector
Recent research from Netskope Threat Labs has also found that approximately 50% of all global malware downloads now originate from popular cloud apps. The average global worker regularly interacts with 24 cloud apps each month, with Microsoft tools such as OneDrive (51%), SharePoint (28%) and Teams (22%) being highly favoured. The top cloud apps abused for malware download in the last 12 months are OneDrive (26%), GitHub (13%) and SharePoint (12%).
This new data further proves that businesses will need to upgrade their security measures to cloud-native security systems to help prevent such malware attacks.