The risk of malware increases - especially in the cloud


The malware threat continues to grow. Two security risks that should not be underestimated are Office documents and cloud applications, as a new report from Netskope shows.

When more and more companies worldwide decided to send their employees to work from home at the beginning of the pandemic, many IT departments were faced with an almost impossible task: On the one hand, they had to keep the company able to work by giving employees full access to the necessary programs and data at home as quickly as possible. On the other hand, they were expected to ensure maximum security for this data and for the corporate networks as a whole. In many cases, however, the ability to work was given priority over security - a mistake that could now come back to haunt them, because the majority of people still work from home on a regular basis.

Cloud solutions were the way out

Many companies now rely on cloud solutions to enable their employees to work remotely. The data is not stored on protected internal servers in the company, but with cloud providers on the Internet. This means that it can be accessed from anywhere with the appropriate access data. However, even after one year of working from home, companies still have difficulties managing the authorizations for access to the cloud sensibly and, above all, securely, as the current Cloud and Threat Report from the security company Netskope shows. According to its data, a full 97 percent of the cloud apps used in companies are not properly and centrally managed.

97 percent of cloud apps are not properly managed

Rather, individual departments or even individual users decide to work with an app from now on, and it is then installed and given permissions. The security researchers at Netskope even see a trend here in which employees grant extensive rights to third-party apps in Google Workspace. In addition, users regularly upload data to their private apps such as Google Drive or Microsoft OneDrive - especially when they leave the company. These uploads bring corporate data to cloud applications, which are popular targets for cyberattacks. According to Netskope's findings, 15 percent of employees also upload files that have either been copied directly from managed app instances or that violate a company data policy.

Cloud storage applications responsible for the contamination

The other results from the report are not surprising either. The number of malware infections delivered through the cloud rose 68 percent in the second quarter. Cloud storage applications were responsible for the contamination 66 percent of the times malware found its way into the cloud. Office applications also posed a danger in the reporting period. While at the beginning of 2020 only 20 percent of malware downloads were attributable to infected Office documents, the number of these cases rose to 43 percent in the second quarter of 2021. This approach was one of the specialties of the now broken-up Emotet network. But the increased number of cases suggests that other hacker groups, inspired by the success of Emotet, have adopted and adapted its techniques. Even seemingly innocuous tools for collaborating on projects, such as chat apps, are not safe from a corporate security perspective, as they are popular targets for criminals to spread malware. Overall, Netskope detected and blocked malware downloads from 290 different cloud apps in the first half of 2021.

Cloud applications are popular targets

But why are cloud applications such popular targets for cyber criminals? The researchers explain that cyber criminals deliver malware via cloud apps “to bypass block lists and use all app-specific allow lists”. Cloud service providers generally remove most malware instantly, but some attackers have found ways to do significant damage in the short amount of time they spend on a system undetected.

The report shows that companies should act as quickly as possible to correct the mistakes made when setting up cloud and home office structures. It also means IT departments face new challenges. While in the past they “only” had to secure a network, they are now responsible for securing access to the cloud, which can theoretically be accessed from an infinite number of devices from almost any location. Identity-based access management is indispensable for this - even if that means that some employees have to change, once again, the work processes that they grew fond of over the past year.

More at 8com.de

 


About 8com

The 8com Cyber Defense Center effectively protects the digital infrastructures of 8com's customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS) including certification according to current standards. Awareness measures, security training and incident response management round off the offer.


 
