The “Cloud and Threat Report” for 2022 from Netskope Threat Labs highlights an increase in malware delivered through cloud environments, with Microsoft OneDrive leading the charts as the origin of the majority of cloud malware downloads. Alongside phishing, scams, credit card skimmers, exploit kits, and other malicious web content, this underlines the importance of inspecting all content from all destinations, for both web and cloud traffic. Netskope detected malware downloads from 401 distinct cloud apps in 2022.

The report states that the percentage of malware downloads originating from cloud apps increased, ending the year ten points higher than in 2021. In the last year, 48% of HTTP/HTTPS malware downloads originated from cloud apps, and 30% of all cloud malware downloads originated from Microsoft OneDrive, which reflects attacker tactics, user behaviour, and company policy. By industry vertical, the largest increases in cloud malware downloads occurred in healthcare, manufacturing, and telecom. Within specific sectors, Google Drive takes the top spot in retail and Azure Blob Storage leads in healthcare.

The majority of malicious web content is hosted on a variety of different types of sites. The top ten categories include uncategorized sites and marketing sites; these account for only 13.6% of all malicious web content accesses. Attackers have been populating their websites with enough content to make them seem legitimate, and only using them to host malicious content after the sites have been around long enough to blend in. They have also been abusing free hosting services and compromising existing websites to deliver malicious content.
Keep Your Cloud Protected
The report recommends several measures organizations can take to protect themselves against cloud-delivered malware and malicious web content. These include:
- Deploy multi-layered, inline threat protection for all cloud and web traffic to block inbound malware and outbound malware communications.
- Enforce granular policy controls to limit data flow, including flow to and from apps, between the company and personal instances, among users, and to and from the web, adapting the policies based on device, location, and risk.
- Deploy cloud data protection to limit the movement of sensitive data, including preventing its movement to unauthorized devices, apps, and instances.
- Invoke real-time coaching to users to use safer app alternatives to protect data, justify unusual data activity, and provide step-up authentication for risky conditions within business transactions.
- Reduce browsing risk for newly registered domains, newly observed domains, uncategorized websites, and other security risk categories by using remote browser isolation (RBI).
- Mitigate the risk of stolen credentials by enabling multi-factor authentication (MFA) and extending MFA to unmanaged apps via an identity service provider or Security Service Edge (SSE) platform.
- Use behavioural analytics to detect compromised accounts, compromised devices, and insider threats.
- Enable zero trust principles for least privilege access to data with continuous monitoring and reporting to uncover unknown risks using a closed loop to then further refine access policies.
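As an added illustration (not code from the report or from Netskope), the following Python evaluates constructed proxy log records against three of the controls above: block on an inline malware verdict, block data movement to personal cloud-app instances, and send uncategorized or newly registered domains to remote browser isolation. It also computes the share of malware downloads by origin, the same breakdown the report gives. The policy thresholds, the corporate instance name, and the log field layout are assumptions.

```python
from collections import Counter

# Constructed SWG/proxy log records (illustrative, not from the Netskope report).
# Fields: user, action, app (None for plain web), instance, category,
# domain_age_days, verdict (result of inline content inspection).
SAMPLE_LOGS = [
    {"user": "alice", "action": "download", "app": "OneDrive", "instance": "corp.example",
     "category": "cloud_storage", "domain_age_days": 3650, "verdict": "malware"},
    {"user": "bob", "action": "download", "app": "OneDrive", "instance": "personal",
     "category": "cloud_storage", "domain_age_days": 3650, "verdict": "malware"},
    {"user": "carol", "action": "download", "app": None, "instance": None,
     "category": "uncategorized", "domain_age_days": 12, "verdict": "clean"},
    {"user": "dave", "action": "upload", "app": "Google Drive", "instance": "personal",
     "category": "cloud_storage", "domain_age_days": 3650, "verdict": "clean"},
    {"user": "erin", "action": "download", "app": None, "instance": None,
     "category": "marketing", "domain_age_days": 900, "verdict": "malware"},
    {"user": "frank", "action": "download", "app": "OneDrive", "instance": "corp.example",
     "category": "cloud_storage", "domain_age_days": 3650, "verdict": "clean"},
]

# Assumed policy knobs: categories routed to remote browser isolation, the domain
# age below which a site counts as "newly registered", and the corporate tenant.
RBI_CATEGORIES = {"uncategorized", "newly_registered", "newly_observed"}
NEW_DOMAIN_MAX_AGE_DAYS = 30
CORPORATE_INSTANCES = {"corp.example"}

def decide(rec):
    """Evaluate one request against the layered controls. Order matters: the
    inline malware verdict first, then instance-aware data-flow policy, then
    browsing-risk isolation; anything else is allowed."""
    if rec["verdict"] == "malware":
        return "block"                      # inline threat protection
    if rec["app"] and rec["instance"] not in CORPORATE_INSTANCES and rec["action"] == "upload":
        return "block"                      # no data movement to personal instances
    if rec["category"] in RBI_CATEGORIES or rec["domain_age_days"] < NEW_DOMAIN_MAX_AGE_DAYS:
        return "isolate"                    # remote browser isolation
    return "allow"

def malware_origin_share(records):
    """Fraction of malware downloads by origin (cloud app vs. web) and by app."""
    hits = [r for r in records if r["action"] == "download" and r["verdict"] == "malware"]
    origins = Counter("cloud_app" if r["app"] else "web" for r in hits)
    apps = Counter(r["app"] for r in hits if r["app"])
    total = len(hits) or 1
    return ({k: v / total for k, v in origins.items()},
            {k: v / total for k, v in apps.items()})
```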
Get the full Netskope report here.