The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive.
As more organizations have turned to the cloud to store and work with their data, applications and other assets, cybercriminals are increasingly exploiting cloud-based services to set up malicious downloads. A new report from network security provider Netskope looks at the rise in cloud-delivered malware and provides tips on how to protect your organization from these threats.
SEE: Mobile device security policy (TechRepublic Premium)
Jump to:
Why the shift to the cloud has led to more cloud-based malware
The shift to hybrid and remote work has led to a greater use of apps such as Microsoft OneDrive, SharePoint and Microsoft Teams, and there was a dramatic rise in the number of users uploading content to these and other cloud-based services in 2022: Last year, more than 25% of people around the world uploaded documents each day to Microsoft OneDrive, 7% to Google Drive and 5% to Microsoft SharePoint.
SEE: Hiring Kit: Cloud Engineer (TechRepublic Premium)
The delivery of cloud-based malware also shot up in 2022, triggered by an increase in the volume of apps being exploited to launch malware and the number of malicious downloads from popular apps. For the year, Netskope found 400 distinct cloud applications delivering malware, almost triple the number of the previous year. Some 30% of all malicious downloads from the cloud came from Microsoft OneDrive, followed by 8.6% from web hosting site Weebly and 7.6% from the software hosting site GitHub.
Why cloud-based attacks succeed
Attacks that exploit OneDrive and other sites are successful for three reasons: tactics, user behavior and company policy. For a malicious cloud-based download to work, the attacker must use the right tactics to upload and share the malware from the cloud app. Then a user must be duped into downloading the malware. Finally, company policy must allow the employee to gain access to the malicious file.
Other types of threats, such as phishing scams, credit card skimmers and fake websites, have helped attackers disguise their malicious content to fool unsuspecting victims. Some 94% of malicious web content seen last year was delivered via these threats.
Where the biggest increases in malware occurred in 2022
Around the world in 2022, the biggest increases in cloud-delivered malware happened in Australia and Europe, while the largest decline was seen in North America. However, the percentage of these malicious downloads remained highest in North America, followed by Australia, Asia and Africa. Looking at different industries, the largest increases in cloud-based malware occurred in the healthcare, manufacturing and telecom industries.
Most of the malicious file types downloaded from the cloud were portable executable files, although the number was actually lower in 2022 than in 2021. The biggest increase last year was in malicious PDF files, followed by plaintext files, including PowerShell, Python and other scripts. Beyond downloadable files, malicious web content found in phishing pages, bitcoin miners and other sites typically consisted of JavaScript that could be executed by the browser.
How to defend against cloud-delivered malware
Netskope offers the following eight security recommendations to protect organizations from this threat:
1. Use multi-layered security
Take advantage of multi-layered and inline security protection to block inbound and outbound malware for all cloud and web traffic. The right cloud security tools can help you quickly scan all content.
2. Use granular policy controls
Enforce the use of granular policy controls to restrict the flow of data between apps, business and personal access, users and the web. Make sure your policies adapt based on the device, location and level of risk.
3. Use cloud security to limit the flow of sensitive data
Your cloud protection should restrict the movement of sensitive data to prevent it from reaching unauthorized devices, apps and instances.
4. Use real-time coaching to help your users
Real-time coaching and training can teach your users to use safer apps to protect their data and provide the right authentication for any unusual situations.
5. Use remote browser isolation to reduce browsing risks
With remote browser isolation, you can reduce the risk of browsing newly-registered domains, newly-observed domains and uncategorized websites.
6. Turn to multi-factor authentication
To protect against the use of stolen account credentials, implement multi-factor authentication and extend it to include unmanaged apps through your identity service provider or security service edge platform.
7. Take advantage of behavioral analytics
Use behavioral analytics to scan for compromised accounts and devices as well as insider threats.
8. Implement zero trust security policies
Apply zero trust policies to ensure least privilege access to sensitive data. Make sure that your policies provide ongoing monitoring and reporting to reveal any unknown risks or threats.
Make your organization more secure with our Zero Trust Cheat Sheet or watch our Top 5 things you need to know about zero trust.