March 28, 2023

The amount of cloud-based malware tripled in 2022 over the prior yr, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive.

A digital cloud over red symbols representing malware.
Picture: AndSus/Adobe Inventory

As extra organizations have turned to the cloud to retailer and work with their knowledge, functions and different belongings, cybercriminals are more and more exploiting cloud-based providers to arrange malicious downloads. A new report from network security provider Netskope appears to be like on the rise in cloud-delivered malware and supplies tips about tips on how to defend your group from these threats.

Soar to:

Why the shift to the cloud has led to extra cloud-based malware

The shift to hybrid and distant work has led to a higher use of apps akin to Microsoft OneDrive, SharePoint and Microsoft Groups, and there was a dramatic rise within the variety of customers importing content material to those and different cloud-based providers in 2022. Final yr, greater than 25% of individuals world wide uploaded paperwork every day to Microsoft OneDrive, 7% to Google Drive and 5% to Microsoft SharePoint.

SEE: Hiring Equipment: Cloud Engineer (TechRepublic Premium)

The supply of cloud-based malware additionally shot up in 2022, triggered by a rise within the quantity of apps being exploited to launch malware and the variety of malicious downloads from common apps. For the yr, Netskope discovered 400 distinct cloud functions delivering malware, nearly triple the variety of the earlier yr. Some 30% of all malicious downloads from the cloud got here from Microsoft OneDrive, adopted by 8.6% from internet hosting website Weebly and seven.6% from the software program internet hosting website GitHub.

Why cloud-based assaults succeed

Malware cyberattacks that exploit OneDrive and different websites are profitable for 3 causes: ways, consumer conduct and firm coverage. For a malicious cloud-based obtain to work, the attacker should use the best ways to add and share the malware from the cloud app. Then a consumer should be duped into downloading the malware. Lastly, firm coverage should enable the worker to achieve entry to the malicious file.

Different varieties of threats, akin to phishing scams, bank card skimmers and faux web sites, have helped attackers disguise their malicious content material to idiot unsuspecting victims. Some 94% of malicious internet content material seen final yr was delivered through these threats.

The place the most important will increase in malware occurred in 2022

In 2022, the most important will increase in cloud-delivered malware occurred in Australia and Europe, whereas the most important decline was seen in North America. Nonetheless, the proportion of those malicious downloads remained highest in North America, adopted by Australia, Asia and Africa. completely different industries, the most important will increase in cloud-based malware occurred in healthcare, manufacturing and telecom.

Many of the malicious file sorts downloaded from the cloud have been transportable executable information, though the quantity was really decrease in 2022 than in 2021. The largest enhance final yr was in malicious PDF information, adopted by plaintext information, together with PowerShell, Python and different scripts. Past downloadable information, malicious internet content material present in phishing pages, bitcoin miners and different websites sometimes consisted of JavaScript that might be executed by the browser.

The way to defend in opposition to cloud-delivered malware

Netskope provides the next eight cybersecurity suggestions to guard organizations from cloud-delivered malware threats.

1. Use multi-layered safety

Make the most of multi-layered and inline safety safety to dam inbound and outbound malware for all cloud and internet visitors. The best cloud safety instruments may help you shortly scan all content material.

2. Use granular coverage controls

Implement using granular coverage controls to limit the move of knowledge between apps, enterprise and private entry, customers and the net. Ensure that your insurance policies adapt based mostly on the gadget, location and degree of danger.

3. Use cloud safety to restrict the move of delicate knowledge

Your cloud safety ought to prohibit the motion of delicate knowledge to forestall it from reaching unauthorized gadgets, apps and situations.

4. Use real-time teaching to assist your customers

Actual-time teaching and coaching can train your customers to make use of safer apps to guard their knowledge and supply the best authentication for any uncommon conditions.

5. Use distant browser isolation to scale back searching dangers

With distant browser isolation, you may cut back the chance of searching newly-registered domains, newly-observed domains and uncategorized web sites.

6. Flip to multi-factor authentication

To guard in opposition to using stolen account credentials, implement multi-factor authentication and lengthen it to incorporate unmanaged apps by your identification service supplier or safety service edge platform.

7. Make the most of behavioral analytics

Use behavioral analytics to scan for compromised accounts and gadgets in addition to insider threats.

8. Implement zero belief safety insurance policies

Apply zero belief insurance policies to make sure least privilege entry to delicate knowledge. Be sure that your insurance policies present ongoing monitoring and reporting to disclose any unknown dangers or threats.

Make your group safer with our zero belief cheat Sheet or watch our video: High 5 issues it’s essential to find out about zero belief.