The Netskope Cloud and Threat Spotlight: January 2022 revealed research highlighting the continued growth of malware and other malicious payloads delivered by cloud applications.
The year-on-year analysis identified the top trends in cloud attacker activities and cloud data risks from 2021 compared to 2020, highlighted that attackers are achieving more success delivering malware payloads to their victims, and offered advice for improving security posture in 2022.
Ray Canzanese, threat research director at Netskope Threat Labs, said: “The increasing popularity of cloud apps has given rise to three types of abuse described in this report: attackers trying to gain access to victim cloud apps, attackers abusing cloud apps to deliver malware, and insiders using cloud apps for data exfiltration.
“The report serves as a reminder that the same apps that you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help to prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration.”
The Netskope Cloud and Threat Spotlight is produced by the firm’s Threat Labs, a team of researchers who discover and analyse the latest cloud threats affecting enterprises.
The key findings of the report include:
- Cloud-delivered malware is now more prevalent than web-delivered malware. In 2021, malware downloads originating from cloud apps increased to 66% of all malware downloads when compared to traditional websites, up from 46% at the beginning of 2020.
- Google Drive emerged as the top app for malware downloads. The research found that Google Drive accounted for the most malware downloads in 2021, taking over the top spot from Microsoft OneDrive.
- Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Malicious Microsoft Office documents increased to 37% of all malware downloads at the end of 2021 compared to 19% at the beginning of 2020, as attackers continue to use weaponized Office documents to gain an initial foothold on target systems.
The Emotet malspam campaign was introduced in Q2 2020 and kicked off a spike in malicious Microsoft Office documents that copycat attackers have sustained over the past six quarters, with no signs of slowing down.
The results were based on anonymised data collected from the Netskope Security Cloud across millions of users worldwide from January 1, 2020 to November 20, 2021.