Google Drive takes over the top spot for malware downloads from Microsoft OneDrive. More than two-thirds of malware downloads came from cloud apps in 2021. The share of malicious Office documents in malware downloads almost doubles.
More than two-thirds of malware downloads in 2021 came from cloud apps. Google Drive was identified as the app with the most malware downloads, replacing Microsoft OneDrive. In addition, the proportion of malicious Office documents in malware downloads doubled from 19 to 37 percent in the past year. These are the findings of Netskope Threat Labs in its current Cloud and Threat Spotlight: January 2022 report, which highlights the key trends in cloud attacker activity and cloud data risks in 2021 versus 2020. The numbers indicate an increase in security risks in cloud applications, especially since more than half of all managed cloud application instances are the target of credential attacks.
Critical trends in the use of cloud services
Netskope Cloud and Threat Spotlight is the latest in a series of regular research reports published by Netskope Threat Labs that analyze critical trends in enterprise cloud service and app usage, web and cloud threats, and data migrations and transfers from the cloud. As employees work remotely, pushing the boundaries of network and data security, organizations must leverage modern security controls such as Security Service Edge (SSE)-based architectures that allow their employees to move securely in the cloud.
Results: Cloud and Threat Spotlight: January 2022
- Malware is distributed far more often via cloud apps than via traditional websites. In 2021, the proportion of malware downloaded from cloud apps rose to 66 percent of all malware downloads, with the remainder coming from traditional websites. At the beginning of 2020, the proportion was still 46 percent.
- Google Drive is the app with the most malware downloads in 2021, taking the top spot from Microsoft OneDrive.
- Malware distributed via the cloud using Microsoft Office almost doubled from 2020 to 2021. The share of malicious Microsoft Office documents in all malware downloads increased from 19 percent in early 2020 to 37 percent in late 2021. The Emotet malspam campaign in the second quarter of 2020 was the prelude to a continuous increase in malicious Microsoft Office documents by copycat criminals over the past year and a half - with no sign of slowing down.
- More than half of managed cloud app instances are the target of credential attacks. Attackers continually try to use common passwords and stolen credentials from other services to gain access to sensitive information stored in cloud applications. While the overall level of attacks remained constant, the sources of the attacks changed significantly: 98 percent of the attacks came from new IP addresses.
“The increasing popularity of cloud apps has led to three types of abuse identified in this report: attackers attempting to gain access to victim cloud apps, attackers abusing cloud apps to proliferate malware, and insiders using cloud apps for data exfiltration,” said Ray Canzanese, Threat Research Director at Netskope Threat Labs. “The report reminds us that the apps we use for legitimate purposes can be attacked and misused. Blocking cloud apps can prevent attackers from infiltrating them, while scanning for inbound threats and outbound data can help prevent malware downloads and data exfiltration.”
Background to the spotlight
For the report, anonymized data from millions of users of the Netskope Security Cloud platform was analyzed in the period from January 1st to November 30th, 2021. The complete report can be downloaded online. Further information can be found in the Netskope Threat Research Hub. Here, interested parties can exchange ideas with the security researchers from Netskope and learn what insights the Netskope Security Cloud Platform offers into the evolving cloud threat landscape.
About Netskope
The SASE specialist Netskope connects users securely, quickly and directly with the Internet, every application and its infrastructure from anywhere and on every device. With a platform that combines CASB, SWG and ZTNA, the Netskope Security Cloud uses patented technology to offer the most granular context to enable access control and user awareness while simultaneously enforcing zero trust principles for data protection and threat prevention. While other providers compromise between security and network, the global Security Private Cloud from Netskope provides full compute for inline traffic processing in real time directly at every service point.