Company > Blogs

News and views from the leading voice
in secure digital transformation

Hero Panel Image
Security Research
ransomware-attack-notification
Insights and Research
2 Min read

ThreatLabZ Ransomware Review: The Advent of Double Extortion

The recent ransomware attack on the Colonial Pipeline abruptly halted operations on the largest refined products pipeline in the United States, impacting fuel availability across the eastern half of the country. In this attack, the criminal group Darkside utilized a “double extortion” attack -- exfiltrating nearly 100GB of data and threatening to p...
Recent Magecart trends and enhancements
Insights and Research
5 Min read

Magecart Attacks in 2021

Skimmer groups are growing rapidly and targeting various e-commerce platforms using a variety of ways to remain undetected. The Zscaler ThreatLabZ research team has been tracking these skimmer groups and monitoring the techniques they're using. The latest techniques include compromising vulnerable versions of e-commerce platforms, hosting skimme...
ransomware
Zscaler Cloud Platform
2 Min read

Coverage Advisory for DarkSide Ransomware Activity Targeting Manufacturing, Legal, Insurance, Healthcare and Energy Sectors

Background A cybersecurity advisory was released by the Federal Bureau of Investigation (FBI) related to a DarkSide ransomware infection targeting manufacturing, legal, insurance, healthcare and energy sectors. In May 2021, the FBI received notification that the ransomware variant DarkSide had infected a critical infrastructure company. The atta...
Gabble-Babble of RATs
Insights and Research
14 Min read

Catching RATs Over Custom Protocols

Adversaries generally use Standard Application Layer Protocols for communication between malware and command and control (C&C) servers. This is for several reasons: first, malicious traffic blends in more easily with legitimate traffic on standard protocols like HTTP/S; second, companies that rely on appliances for security often don’t inspect ...
Emerging security threats
Insights and Research
4 Min read

Insight from the Front Lines: Zscaler ThreatLabZ to Give Keynote at Zenith Live

We’re excited to announce that Zscaler ThreatLabZ will be a part of our keynote lineup at this year’s Zenith Live on June 15 and 16. Backed by the world’s largest security cloud, Zscaler ThreatLabZ is our internal research team dedicated to uncovering and investigating emerging threats, while educating the cybersecurity world about how to protect a...
Machine learning
Insights and Research
7 Min read

How and When to Embed Machine Learning in Your Product

To help companies think about how to build ML into their product infrastructures at scale, Capital G held a Q&A session with Howie Xu. It was originally published March 15, 2021, on Medium. Machine learning can enable a company to make sense of mass quantities of data, separate noise from signal on an immense level and unleash a product’s...
Malware campaign
Insights and Research
11 Min read

A look at HydroJiin campaign

Zscaler ThreatLabZ recently came across an interesting campaign involving multiple infostealer RAT families and miner malware. We’ve dubbed the campaign “HydroJiin” based on aliases used by the threat actor. The threat actor is in the business of selling malware, and lurks around in online forums that are common hangouts for neophyte to mid-level c...
Cover Image
Insights and Research
11 Min read

Android apps targeting JIO users in India

Introduction In March 2021, through Zscaler cloud we identified a few download requests for malicious Android applications which were hosted on sites crafted by the threat actor to social engineer users in India. This threat actor leverages latest events and news related to India as a social engineering theme in order to lure users to download a...
Ares malware
Insights and Research
17 Min read

Ares Malware: The Grandson of the Kronos Banking Trojan

Kronos is a banking trojan that first emerged in 2014 and marketed in underground forums as a crimeware kit to conduct credit card, identity theft, and wire fraud. In September 2018, a new Kronos variant named Osiris introduced several new features including TOR for command and control (C2) communications. The last update to Osiris appears to have ...
Cover image
Insights and Research
18 Min read

Low-volume multi-stage attack leveraging AzureEdge and Shopify CDNs

Introduction In Feb 2021, Threatlabz observed a few instances of a low-volume multi-stage web attack in Zscaler cloud. This web attack leveraged legitimate servers of Microsoft (azureedge.net), Dropbox and content delivery network of Shopify (cdn.shopify.com) to host the malicious files. The attack chain started from a Wordpress site with a c...

Explore More Topics