Netskope has released the Netskope Cloud and Threat Spotlight: January 2022, disclosing new research highlighting the growth of malware and malicious payloads delivered by cloud apps. The analysis identified trends in cloud attacker activities and data risks from 2021 compared to 2020. Report Highlights:
- Google Drive emerges as the top app for malware downloads, taking over that spot from Microsoft OneDrive, while the percentage of malware downloads from cloud apps increased from 46%, peaked at 73% and plateaued at 66%.
- Emotet copycats continue to abuse Microsoft Office documents, which continue to represent one-third of all malware downloads, compared to one-fifth of all malware downloads prior to Emotet.
- More than half of managed cloud app instances are targeted by credential attacks, while the sources of such attacks shift from a few heavy hitters to a more decentralized attack.
- Employee attrition leads to data exfiltration, as one out of every seven users takes data with them when they leave, using personal app instances.
- Cloud adoption continues to rise, with the rising popularity of Cloud Storage apps attracting abuse by both attackers (for malware delivery) and insider threats (for data exfiltration).
<p>This informative report highlights the need for cloud-native solutions that monitor for, detect and accelerate response to known, unknown and emerging malware targeting cloud infrastructure, regardless of vendor. Based on the report, the most effective approach to combating these emerging threats combines behavior-based security analytics with an understanding of identity, access and entitlements in order to prevent credential-based attacks. This approach adds a much-needed layer of data-loss prevention (DLP), already incorporated into certain next-generation SIEMs, and can alert security teams earlier in the kill chain with far greater context and automation to prevent loss.</p>
<p>The rise of cloud-originating cyberattacks in 2021 is not surprising. Today the average organization deploys nearly 6,000 third-party SaaS applications; as this number increases, so does the attack surface available to cyber actors. This is particularly true when vulnerabilities in common software components come to light.</p>
<p>At the beginning of 2022, the Log4j vulnerability had impacted not only millions of devices but also dozens of leading cloud providers. Like the SolarWinds attack one year earlier, it serves as a sobering reminder that organizations depend on third parties who may fall prey to malicious cyber activity at any moment.</p>
<p>For this reason, the dichotomy between web-delivered and cloud-delivered malware is somewhat deceptive. While these may appear to be two different and mutually exclusive channels for cyber activity, they converge on the same underlying problem: organizations are not monitoring or defending against third-party threats, whether they originate through the cloud, the software supply chain, or digital vendors.</p>
<p>The fact that more than half of the attacks on managed cloud app instances are still password and credential attacks shows how important identity is, not just on devices but also on cloud resources. Attackers favor new deployments and new configurations because they know these new environments are often hastily assembled and lack true security and identity governance. That is why it is imperative that enterprises apply the same principle of least privilege (NIST 800-53 rev 5, PR.AC-6) in the cloud, ensuring that identities, and the identities that manage them, are not overloaded with privileges that make an attacker's job easier.</p>