
Cloud-delivered malware tripled in Australia in 2022

Cloud-delivered malware continues to be a huge problem for enterprises around the world. Despite cybersecurity measures taken to detect it, new research shows that there are over 400 distinct cloud applications that delivered malware in 2022.

According to the Netskope Threat Research report, the number of malware downloads from cloud apps tripled in 2022 compared to the previous year. While Europe accounts for the largest share of malware downloads from websites, Australia recorded one of the highest rates of malware downloads from cloud apps.

The COVID-19 pandemic and hybrid work have resulted in businesses moving more workloads to the cloud and investing in more cloud apps as well. With cloud apps heavily used by most businesses today, cyber attackers are taking advantage of vulnerabilities in these apps. These vulnerabilities make cloud apps an ideal home for hosting malware which can inflict harm on an organization.

The percentage of users uploading content to the cloud has increased. One in four users worldwide (25%) uploaded documents daily to Microsoft OneDrive, while 7% did so for Google Gmail and 5% for Microsoft SharePoint. The drastic increase in active cloud users across a record number of cloud applications led to a sizable increase in cloud malware downloads in 2022 over 2021, after the figure remained close to flat in 2021 compared to 2020.

The correlation between uploads and downloads among the most popular apps is no coincidence. Nearly a third of all cloud malware downloads originated from Microsoft OneDrive, with Weebly and GitHub coming in the next closest among cloud apps at 8.6% and 7.6%, respectively.

Ray Canzanese, Threat Research Director at Netskope Threat Labs, explained that attackers are increasingly abusing business-critical cloud apps to deliver malware, bypassing inadequate security controls. He added that this is why more organizations must inspect all HTTP and HTTPS traffic, including traffic to and from popular cloud apps, for both company and personal instances, for malicious content.

Cloud-delivered malware causing more havoc

Cloud-delivered malware is now responsible for a much higher percentage of all malware delivery than ever before, especially in certain geographic regions and industries. In 2022, several geographic regions saw significant increases in the overall percentage of cloud vs. web-delivered malware compared to 2021, including:

  • Australia (50% in 2022 compared to 40% in 2021)
  • Europe (42% in 2022 compared to 31% in 2021)
  • Africa (42% in 2022 compared to 35% in 2021)
  • Asia (45% in 2022 compared to 39% in 2021)

In certain industries, cloud-delivered malware also became more predominant globally, especially:

  • Telecom (81% in 2022 compared to 59% in 2021)
  • Manufacturing (36% in 2022 compared to 17% in 2021)
  • Retail (57% in 2022 compared to 47% in 2021)
  • Healthcare (54% in 2022 compared to 39% in 2021)

In Australia specifically, user dispersion—the ratio of users on the Netskope platform to the number of network locations from which those users’ traffic originates—for remote and hybrid work is 66%, the same percentage as at the start of the pandemic over two years ago. Remote and hybrid work continues to pose multiple cybersecurity challenges, including how to securely provide users with access to the company resources they need to do their jobs, and how to provide users with access to the internet in a way that is both scalable and secure.

As such, Netskope recommends that organizations enforce granular policy controls to limit data flow: flow to and from apps, between company and personal instances, among users, and to and from the web, with the policies adapted to device, location, and risk. Organizations should also deploy multi-layered, inline threat protection for all cloud and web traffic to block both inbound malware and outbound malware communications, and enable multi-factor authentication for unmanaged enterprise apps.
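The recommendations above (instance-aware policy, inline inspection of all cloud traffic, and step-up authentication for risky access) can be expressed as a small decision function. The following is an added example written for this article, not code from Netskope or its platform; the app names, tenant identifiers, trusted locations and log lines are all constructed placeholders, and a real deployment would take the instance identity and the scanner verdict from the inline proxy rather than from a text log.

```python
"""Added illustration of instance-aware cloud traffic policy.

Each request is classified by app, instance (company vs personal), direction,
device state, location and the inline scanner's verdict, then mapped to
ALLOW / BLOCK / REQUIRE_MFA. Everything below is constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    REQUIRE_MFA = "require_mfa"   # step-up before the request is released


# Placeholder identifiers for the organisation's own app instances (assumed).
# Any other instance of the same app is treated as a personal instance.
COMPANY_INSTANCES = {
    "onedrive": {"company-tenant-placeholder"},
    "sharepoint": {"company-tenant-placeholder"},
    "github": {"company-org-placeholder"},
}

# Placeholder set of network locations the organisation trusts (assumed).
TRUSTED_LOCATIONS = {"office", "home"}


@dataclass(frozen=True)
class CloudRequest:
    app: str
    instance: str           # tenant / org identifier seen in the request
    direction: str          # "upload" or "download"
    device_managed: bool
    location_trusted: bool
    content_flagged: bool   # verdict of inline threat protection on the payload


def is_company_instance(app: str, instance: str) -> bool:
    """True only for instances the organisation has registered as its own."""
    return instance in COMPANY_INSTANCES.get(app, set())


def evaluate(req: CloudRequest) -> Verdict:
    if req.direction not in ("upload", "download"):
        raise ValueError(f"unknown direction: {req.direction}")
    # 1. Inline scanning applies to every instance, company or personal:
    #    flagged content is blocked regardless of where it came from.
    if req.content_flagged:
        return Verdict.BLOCK
    # 2. Personal instances: downloads are a malware delivery path and
    #    uploads move company data out, so both directions are blocked.
    if not is_company_instance(req.app, req.instance):
        return Verdict.BLOCK
    # 3. Company instance reached from an unmanaged device or an untrusted
    #    location: adapt to risk by requiring step-up authentication.
    if not req.device_managed or not req.location_trusted:
        return Verdict.REQUIRE_MFA
    # 4. Company instance, managed device, trusted location, clean payload.
    return Verdict.ALLOW


def parse_log_line(line: str) -> CloudRequest:
    """Parse one constructed 'key=value ...' proxy log line into a request."""
    fields = dict(item.split("=", 1) for item in line.split())
    return CloudRequest(
        app=fields["app"],
        instance=fields["instance"],
        direction=fields["dir"],
        device_managed=fields["device"] == "managed",
        location_trusted=fields["loc"] in TRUSTED_LOCATIONS,
        content_flagged=fields["flagged"] == "1",
    )


def summarize(lines) -> dict:
    """Count verdicts over a batch of log lines."""
    counts = {v: 0 for v in Verdict}
    for line in lines:
        counts[evaluate(parse_log_line(line))] += 1
    return counts


# Constructed sample log lines (not real traffic).
LOG_LINES = [
    "app=onedrive instance=company-tenant-placeholder dir=download device=managed loc=office flagged=0",
    "app=onedrive instance=personal-user-placeholder dir=download device=managed loc=office flagged=0",
    "app=github instance=company-org-placeholder dir=download device=unmanaged loc=home flagged=0",
    "app=sharepoint instance=company-tenant-placeholder dir=upload device=managed loc=cafe flagged=0",
    "app=onedrive instance=company-tenant-placeholder dir=download device=managed loc=office flagged=1",
]

if __name__ == "__main__":
    for line in LOG_LINES:
        print(evaluate(parse_log_line(line)).value, "<-", line)
    print(summarize(LOG_LINES))
```

The ordering of the rules is the point: the scanner verdict is checked first so that a download from the company's own OneDrive tenant is still blocked when the payload is flagged, and the instance check comes before the device and location checks so that a personal instance is never let through simply because the user is on a managed device in the office.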

These actions can help reduce the increased risk of security incidents stemming from cloud- and web-delivered malware.