Over 400 distinct cloud applications delivered malware in 2022, nearly tripling the amount seen in the prior year, according to the latest research from Netskope, the Santa Clara, Calif.-based SASE provider. Netskope researchers also found that 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive.
Because cloud apps are widely used by many businesses, they are an ideal home for hosting malware and causing harm to organizations. “Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls,” says Ray Canzanese, threat research director, Netskope Threat Labs. “That is why it is imperative that more organizations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content.”
Compared to 2021, the most significant change in cloud application use was the increase in the percentage of users uploading content to the cloud in 2022. According to Netskope data, over 25% of users worldwide uploaded documents daily to Microsoft OneDrive, while 7% did so for Google Gmail and 5% for Microsoft SharePoint. The drastic increase in active cloud users across a record number of cloud applications led to a sizable increase in cloud malware downloads in 2022 from 2021, after remaining close to flat in 2021 compared to 2020.
Nearly a third of all cloud malware downloads originated from Microsoft OneDrive, with Weebly and GitHub the next closest among cloud apps at 8.6% and 7.6%, respectively.
In 2022, several geographic regions saw significant increases in the overall percentage of cloud vs. web-delivered malware compared to 2021, including:
- Australia (50% in 2022 compared to 40% in 2021)
- Europe (42% in 2022 compared to 31% in 2021)
- Africa (42% in 2022 compared to 35% in 2021)
- Asia (45% in 2022 compared to 39% in 2021)
In certain industries, cloud-delivered malware also became more predominant globally, especially:
- Telecom (81% in 2022 compared to 59% in 2021)
- Manufacturing (36% in 2022 compared to 17% in 2021)
- Retail (57% in 2022 compared to 47% in 2021)
- Healthcare (54% in 2022 compared to 39% in 2021)
How to Avoid Cloud- and Web-Delivered Malware
With remote and hybrid work dynamics continuing to pose cybersecurity challenges, Netskope recommends organizations take the following actions to avoid increased risk of security incidents stemming from cloud- and web-delivered malware:
- Enforce granular policy controls to limit data flow, including flow to and from apps, between company and personal instances, among users, to and from the web, adapting the policies based on device, location, and risk.
- Deploy multi-layered, inline threat protection for all cloud and web traffic to block inbound malware and outbound malware communications.
- Enable multi-factor authentication for unmanaged enterprise apps.