We've got your back. Get support for the SolarWinds cyberattacks Act Now

Company > Blogs

News and views from the leading voice
in secure digital transformation

Hero Panel Image
Security Research
New obfuscation and evasion techniques used in phishing campaigns
Insights and Research
14 Min read

New Phishing Trends and Evasion Techniques

Zscaler ThreatLabZ researchers recently came across multiple phishing campaigns using novel obfuscation and evasion techniques. In this blog, we will present an analysis of four phishing campaigns and the various obfuscation methods used in each, also describing some of the tools the attackers used to obfuscate their JavaScript code. JavaScript...
RDP Brute Force attack delivers Ransomware and can propagate laterally
Insights and Research
4 Min read

Ransomware Delivered Using RDP Brute-Force Attack

Zscaler ThreatLabZ recently published a report on the 2020 State of Public Cloud Security that showed security misconfiguration to be the leading cause of cyberattacks against public cloud infrastructure. In this blog, we will look at one of the commonly abused security misconfigurations—the RDP service port left open to the internet—and how cyberc...
cyberattack
Insights and Research
5 Min read

The Hitchhiker’s Guide to SolarWinds Incident Response

On December 13, 2020, multiple security vendors in conjunction with CISA disclosed a software supply-chain attack involving the SolarWinds Orion platform. The disclosure detailed the activities of an advanced persistent threat (APT) adversary that was able to gain access to SolarWinds systems to create trojanized updates to the Orion platform betwe...
ThreatLabZ predictions
Insights and Research
5 Min read

Cybersecurity Past, Present, and Future: ThreatLabZ Looks at 2020 and the Year Ahead

Welcome to the end of 2020. The close of every year brings a lot of online activity—especially now, with everyone at home and socially distancing. Unfortunately, even as people stay at home to protect themselves, they are not safe from threat actors—who are busy developing exploits targeted at people working and shopping online. In keeping with...
SolarWinds CyberAttack & FireEye Red Team Tools Coverage
Insights and Research
5 Min read

Zscaler Coverage for SolarWinds Cyberattacks and FireEye Red Team Tools Theft

Update On Dec 13, 2020, FireEye published additional details regarding the breach involving SolarWinds Orion supply chain attack where multiple other organizations were also impacted. FireEye also published countermeasures to detect the campaign at various stages here. Zscaler Coverage Zscaler leveraged the details on the countermeasures p...
lock
Insights and Research
15 Min read

The 2020 State of Cloud (In)Security

Key findings 63% do not use multifactor authentication for cloud access 50% do not rotate access keys periodically 92% do not log access to cloud storage, eliminating the ability to conduct forensic analysis of an incident 26% of workloads expose SSH ports to the internet and 20% expose RDP Public cloud has made possible previousl...
Cover Image
Insights and Research
6 Min read

Among Us Imposter on Google Play

Developing an app that is downloaded millions of times means success for the developer. But, quite often, it also means the app becomes a target for cybercriminals. This is the case with the wildly popular game Among Us. The game has been downloaded more than 100 million times from the Google Play store, so it’s not surprising that the Zscaler T...
Phishing and Skimmer Activity
Insights and Research
6 Min read

Cyber Monday: Shopping Scams and Skimmers

As Black Friday and Cyber Monday, the biggest shopping days of the year, are just behind us, Zscaler has noticed that the attackers have taken advantage of this holiday activity for their targeted cybercrimes. This year has been unprecedented especially with everyone staying home because of Covid-19 and involving in more online shopping that has ne...
SSL threats
Insights and Research
4 Min read

2020: The State of Encrypted Attacks

This blog is an overview of the latest threat research conducted by ThreatLabZ, Zscaler’s security research team. The full report is available here. While SSL/TLS encryption is the industry standard for protecting data in transit from prying eyes, encryption has, itself, become a threat. It is often leveraged by attackers to sneak malware past s...
Phishing activity
Insights and Research
7 Min read

Election 2020-themed scams and threat activities

The United States presidential election is here. And as COVID-19 still runs unchecked throughout the world, 2020 continues to be an outlier year in so many ways. But one thing remains constant—scammers and threat actors taking advantage of current topics for their own profit. Strangely, this is probably the most normal aspect of 2020 thus far. ...

Explore More Topics