Netskope, a company in Secure Access Service Edge (SASE), unveiled new research showing that over 400 distinct cloud applications delivered malware in 2022, nearly triple the amount seen in the prior year. Netskope researchers also found that 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive. In the Middle East, the report shows a slight increase in the overall percentage of cloud vs. web-delivered malware compared to 2021.
Businesses frequently employ cloud apps, which are known to attackers who see these apps as the perfect place to host malware and do damage. The Cloud and Threat Report from Netskope Threat Labs looks at how these cloud security trends are changing and offers recommendations to businesses on how to strengthen their security posture in light of those changes.
Ray Canzanese, Threat Research Director, Netskope Threat Labs said “Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls.”
He added “That is why it is imperative that more organizations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content.”
The most significant change in cloud application use in 2022, compared to 2021, was the marked increase in the percentage of users uploading content to the cloud. According to Netskope data, over 25% of users worldwide uploaded documents daily to Microsoft OneDrive, while 7% did so for Google Gmail and 5% for Microsoft Sharepoint. The drastic increase in active cloud users across a record number of cloud applications led to a sizable increase in cloud malware downloads in 2022 from 2021, after remaining close to flat in 2021 compared to 2020.
There is no coincidence in the relationship between uploads and downloads for the most downloaded apps. Microsoft OneDrive accounted for over a third of all cloud malware downloads, with Weebly and GitHub coming in at 8.6% and 7.6%, respectively, as the next closest cloud apps.
Over the past several years, industries have become more dependent on cloud infrastructure and apps to support corporate operations. The COVID-19 epidemic and the global shift toward hybrid work have further expedited this trend. As a result, especially in some areas and businesses, cloud-delivered malware now accounts for a substantially larger portion of all malware delivery than ever before.
In 2022, several geographic regions saw significant increases in the overall percentage of cloud vs. web-delivered malware compared to 2021, including:
● Australia (50% in 2022 compared to 40% in 2021)
● Europe (42% in 2022 compared to 31% in 2021)
● Africa (42% in 2022 compared to 35% in 2021)
● Asia (45% in 2022 compared to 39% in 2021)
In certain industries, cloud-delivered malware also became more predominant globally, especially:
● Telecom (81% in 2022 compared to 59% in 2021)
● Manufacturing (36% in 2022 compared to 17% in 2021)
● Retail (57% in 2022 compared to 47% in 2021)
● Healthcare (54% in 2022 compared to 39% in 2021)
Businesses have made significant changes to allow remote and hybrid workplaces to succeed. While some industries pushed to increase the frequency of employee visits to the office in 2022, remote work choices seem to have mostly remained in place. User dispersion, which measures the number of users on the Netskope platform about the number of network locations from which those users’ traffic originates, is 66%, the same figure as it was at the beginning of the pandemic more than two years ago, according to Netskope data.
Remote and hybrid work dynamics continue to pose multiple cybersecurity challenges, including how to securely provide users access to the company resources they need to do their jobs and how to scalably and securely provide users access to the internet.
Netskope recommends organizations take the following actions to avoid the increased risk of security incidents stemming from the cloud- and web-delivered malware:
● Enforce granular policy controls to limit data flow, including flow to and from apps, between company and personal instances, among users, to and from the web, adapting the policies based on device, location, and risk.
● Deploy multi-layered, inline threat protection for all cloud and web traffic to block inbound malware and outbound malware communications.
● Enable multi-factor authentication for unmanaged enterprise apps.
