Duncan is an award-winning editor with greater than 20 years expertise in journalism. Having launched his tech journalism profession as editor of Arabian Laptop Information in Dubai, he has since edited an array of tech and digital advertising and marketing publications, together with Laptop Enterprise Evaluate, TechWeekEurope, Figaro Digital, Digit and Advertising and marketing Gazette.
Greater than two-thirds of malware downloads got here from cloud apps in 2021, based on a examine by Netskope, a safe entry service edge (SASE) specialist, titled Cloud and Risk Highlight: January 2022.
The analysis highlights the continued development of malware and different malicious payloads delivered by cloud purposes. The year-over-year evaluation identifies the highest developments in cloud attacker actions and cloud knowledge dangers from 2021 as in comparison with 2020, and examines modifications within the malware panorama all through 2021, highlighting that attackers are reaching extra success delivering malware payloads to their victims and providing recommendation for bettering safety posture in 2022.
The examine additionally recognized Google Drive because the app with probably the most malware downloads, taking the spot from Microsoft OneDrive.
The analysis uncovered a rise in malicious Workplace paperwork from 19% to 37% of all malware downloads, all pointing to an increase in cloud utility safety dangers. The report additional exhibits that greater than half of all managed cloud app situations are focused by credential assaults.
Primarily based on anonymised knowledge collected from the Netskope Safety Cloud throughout hundreds of thousands of customers worldwide from January 1, 2020 to November 30, 2021, key findings of the 2021 Cloud & Risk Highlight embrace:
- Cloud-delivered malware is now extra prevalent than web-delivered malware. In 2021, malware downloads originating from cloud apps elevated to 66% of all malware downloads when in comparison with conventional web sites, up from 46% firstly of 2020.
- Google Drive emerges as the highest app for many malware downloads. Analysis discovered that Google Drive now accounts for probably the most malware downloads in 2021, taking excessive spot from Microsoft OneDrive.
- Cloud-delivered malware through Microsoft Workplace practically doubled from 2020 to 2021. Malicious Microsoft Workplace paperwork elevated to 37% of all malware downloads on the finish of 2021 in comparison with 19% firstly of 2020, as attackers proceed to make use of weaponized Workplace Paperwork to achieve an preliminary foothold on track programs. The Emotet malspam marketing campaign in Q2 2020 kicked off a spike in malicious Microsoft Workplace paperwork that copycat attackers have sustained over the previous six quarters, with no indicators of slowing down.
- Greater than half of managed cloud app situations are focused by credential assaults. Attackers continually strive widespread passwords and leaked credentials from different providers to achieve entry to delicate info saved in cloud apps. Whereas the general stage of assaults remained constant, the sources of the assaults shifted considerably, with 98% of assaults coming from new IP addresses.
- Company knowledge exfiltration is on the rise. One out of seven staff takes knowledge with them after they depart their employer, utilizing private app situations. Between 2020 and 2021, a median of 29% of departing staff downloaded extra recordsdata from managed company app situations, and 15% of customers uploaded extra recordsdata to private app situations of their closing 30 days.
Ray Canzanese, Risk Analysis Director, Netskope Risk Labs, stated: “The rising reputation of cloud apps has given rise to 3 sorts of abuse described on this report: attackers attempting to achieve entry to sufferer cloud apps, attackers abusing cloud apps to ship malware, and insiders utilizing cloud apps for knowledge exfiltration.
“The report serves as a reminder that the identical apps that you just use for reliable functions will probably be attacked and abused. Locking down cloud apps might help to stop attackers from infiltrating them, whereas scanning for incoming threats and outgoing knowledge might help block malware downloads and knowledge exfiltration.”
Seeking to discover ways to set up a strategic hybrid cloud? Study extra concerning the digital Hybrid Cloud Congress, happening on 18 January and discover optimise and unleash the ability of your hybrid cloud. Discover different upcoming enterprise expertise occasions and webinars powered by TechForge right here.