Netskope Research finds surge in phishing downloads as cybercriminals leverage SEO to lure victims

Netskope Cloud and Threat Report Reveals Cybercriminals Are Growing More Sophisticated, Leveraging Various Social Engineering Techniques and Trojan Families to Target Victims More Effectively

SANTA CLARA, Calif., May 10, 2022 /PRNewswire/ — Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today released new research that found that phishing downloads have seen a surge of 450% in the past 12 months, fueled by attackers using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on popular search engines, including Google and Bing. The findings are part of the latest edition of the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which examines the last 12 months of malware downloads from the cloud and the web.

The top web referrer categories contained some categories traditionally associated with malware, particularly shareware/freeware, but were dominated by less conventional categories. The increase in the use of search engines to distribute malware over the past 12 months provides insight into how proficient some attackers are when it comes to SEO. The malware downloads referenced by search engines were mostly malicious PDF files, including many malicious fake CAPTCHAs that redirected users to phishing, spam, scam and malware websites.

The report also revealed that most malware over the past 12 months was downloaded from the same region as its victim, a growing trend that points to the increasing sophistication of cybercriminals, who more frequently stage malware to avoid geofencing filters and other traditional prevention measures. The results reveal that attackers tend to target victims located in a specific region with malware hosted in the same region. In most regions, the plurality of malware downloads originated from the same region as the victim. This is particularly true for North America, where 84% of all malware downloads by victims in North America were downloaded from websites hosted in North America.

“Malware is no longer limited to traditional risky web categories. It now lurks everywhere, from cloud apps to search engines, leaving organizations more exposed than ever before,” said Ray Canzanese, director of threat research at Netskope. “To avoid falling victim to these social engineering techniques and targeted attack methods, security managers should regularly review their malware protection strategy and ensure that all entry points possible are taken into account.”

Based on a subset of anonymized usage data collected by the Netskope Security Cloud Platform, additional key findings from the report include:

  • Trojans continue to prove their effectiveness: Trojans account for 77% of all cloud and web malware downloads, as attackers use social engineering techniques to gain a foothold and deliver a variety of next-stage payloads, including backdoors, infostealers and ransomware. No Trojan family is globally dominant. The top 10 Trojan families account for only 13% of all downloads, with the remaining 87% coming from less common families.

  • The cloud and the web make an attacker’s perfect pair: 47% of malware downloads come from cloud applications, compared to 53% from traditional websites, as attackers continue to use a combination of cloud and web to target their victims.

  • Popular cloud storage apps continue to be the source of most cloud malware downloads. Other major cloud application referrers include collaboration and webmail applications, where attackers can send messages directly to their victims in many different forms, including email, direct messages, comments, and document sharing.

  • Malicious Microsoft Office files declined to pre-Emotet levels: EXE and DLL files account for nearly half of all malware downloads as attackers continue to target Microsoft Windows, while malicious Microsoft Office files are in decline and have returned to pre-Emotet levels. This is largely due to proactive warnings and security checks introduced last year by technology vendors such as Google and Microsoft.

The Netskope Cloud and Threat Report is produced by Netskope Threat Labs, a team comprised of the industry’s leading cloud threat and malware researchers who discover, analyze, and design defenses against the latest cloud and data threats affecting businesses.

Download the full report here.

For more information, the security community can access, engage with, and learn from Netskope’s threat researchers and the insights that Netskope’s Intelligent SSE Platform offers on the evolving cloud threat landscape by visiting Netskope’s Threat Research Hub.

About Netskope
Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data wherever they go. Netskope helps customers reduce risk, accelerate performance, and gain unparalleled visibility into all cloud, web, and private app activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope to meet evolving threats, new risks, technological changes, organizational and network changes, and new regulatory requirements. To learn how Netskope helps customers be ready for anything in their SASE journey, visit

Media Contact
Inkwell for Netskope



SOURCE Netskope
