Malware continues to grow, along with other malicious payloads delivered by cloud applications, according to Netskope’s latest Cloud and Threat Spotlight for January 2022.
The SASE provider analyzed year-over-year data highlighting that attackers are achieving more success delivering malware payloads to their victims. The research showed more than two-thirds of malware data came from cloud apps in 2021 and identified Google Drive as the app with the most malware downloads.
The research also uncovered an increase in malicious Office documents from 19% to 37% of all malware downloads, pointing to a rise in cloud application risks. The Emotet malspam campaign in Q2 2020 kicked off a spike in malicious Microsoft Office documents that copycat attackers have sustained, with no signs of slowing down, according to the research analysis.
The research also uncovered that more than half of all managed cloud app instances are targeted by credential attacks. Attackers constantly try common passwords and leaked credentials from other services to gain access to information stored in cloud apps. However, the sources of the attacks have shifted significantly, with 98% of attacks coming from new IP addresses.
Departing employees who download files from managed corporate apps or upload them to their personal apps in their final 30 days pose a risk as well: an average of 29% downloaded more files from managed corporate app instances between 2020 and 2021, and 15% of users uploaded more files to personal app instances in their final 30 days, according to Netskope’s report.
“The increasing popularity of cloud apps has given rise to three types of abuse described in this report: attackers trying to gain access to victim cloud apps, attackers abusing cloud apps to deliver malware, and insiders using cloud apps for data exfiltration,” said Ray Canzanese, a threat research director at Netskope Threat Labs.
“The report serves as a reminder that the same apps that you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help to prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration,” he said.