back to article Criminals adopting new methods to bypass improved defenses, says Zscaler

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team. Cybercriminals have adapted to multi-factor authentication (MFA), employee security awareness training, and security …

  1. Version 1.0 Silver badge

    New methods to bypass everything

    We have been seeing this development for years, it's had a big boost now that all the cyberworkers are working from home. Virtually all the phishing attempts are generating a little cash for the cloud platforms, that's treated as completely legal, spam hacking emails, texts, and phone calls happen all the time - all these efforts are effectively "permitted" these days because there are no corporate or government efforts to stop them.

  2. Anonymous Coward
    Anonymous Coward

    Our company is certainly under constant attack from these vectors.

  3. Anonymous Coward
    Anonymous Coward

    Microsoft is firmly involved in this....

    Recently we had to fend off a highly sophisticated attack against a 365 instance, that was being targeted from INSIDE a microsoft data center via AZURE.

    to top it off MS has recently cut all DIRECT support services to 365 clients in certain areas , instead insisting that you explain it to your local "partner" who will then look at it for a week, before deciding to pass it up the chain to MS.

    However hte "partners" allocated by MS ..seem to think that they only handle licensing and are not responsible to support hte product, instead wanting service contracts for support.

    so.. Cloud attacks from inside AZURE from known criminal gangs against exactly the SAME customers who pay MS to support their 365 instances

    and becasue the attack comes from WITHIN microsoft, there is no possibility of tracking the attacks or mitigating tehm as they are passed from country to country, within the Microsoft cloud.

    But MS will sell you a very expensive set of security tools to analise attacks that they are enabling.... it sounds more like an scene from the "godfather" than a professional company offering data center services.

    WHY would Microsoft ALLOW internal customers to access another customers resources?

    Especially when there is NO history or authorization passed to the external entity.

  4. Anonymous Coward
    Anonymous Coward

    Is murder now part of the risk profile?

    Quote: "...uses SMS text messages on mobile devices..."

    Ha.....NSO maybe?

    I think we should be told!

  5. Anonymous Coward
    Anonymous Coward

    Work time lost....

    Does any analysis take into account the business time lost due to introduction of Zscaler technologies?

    I'm my case and for many colleagues, it's been a considerable amount of time lost with required functionality that's been disabled, certificate changes and updates breaking things....

    From a generic business user point of view you probably wouldn't notice unless it stopped connecting but from a developer point of view it's been a pain on many occasions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like