If there’s one certainty in cybersecurity, it’s that attackers will go where enterprise workers go — and enterprise workers went cloud in a big way in 2020.
That enterprises, in their rapid shift to remote work, moved to cloud computing last year shouldn’t surprise anyone. And that’s precisely what happened, according to a recently released report from cloud security services provider Netskope. The report is based on anonymized data Netskope collected from its userbase throughout 2020.
The report, Cloudy with a Chance of Malice, finds the use of cloud apps in the enterprise continues to increase, with 53% of Web traffic now being cloud-related, a 20% year over year increase, and 61% of all malware directly being delivered via the cloud. Here’s another interesting data point from the report: organizations with between 500 and 2,000 employees use, on average, 664 separate cloud apps a month.
According to the report, attackers are also targeting the most popular apps used by enterprise employees. To avoid blocklists, attackers are often turning to these popular apps with trojans and next-stage malware. The report cites the GuLoader downloader as “one of the top malware delivery mechanisms of 2020” using Microsoft OneDrive and Google Drive to deliver payloads.
According to Netskope, malware was blocked in 95 separate apps. “However, attackers still tend to favor using apps that are popular in the enterprise. Cybercriminals uploaded the majority of the blocked malware to the most popular cloud storage and collaboration apps in the enterprise,” the report said.
Of course, Microsoft Office documents have always been a popular attack vector, and last year was no different. According to Netskope, last summer witnessed a tremendous spike in malware. “As the Emotet crew became active again, primarily using malicious Office documents to gain an initial foothold into their victims’ networks. Malicious Office documents represented 17% of all malware detected by the Netskope Security Cloud platform at the beginning of the year, increasing to 38% at the peak of the Emotet activity in Q3 and ending the year at 27%. In 2020, the Netskope Security Cloud blocked downloads of malicious Office documents from 64 different cloud apps, with the majority coming from the most popular cloud storage and collaboration apps used in the enterprise,” the report said.
Additionally, 36% of phishing campaigns target cloud app credentials and 13% of campaigns use phishing lures hosted in the cloud, as attackers continue to use cloud apps to gain footholds in organizations.
Finally, sensitive data in personal apps is a rising challenge. As remote work becomes the new norm, the instances of personal apps creeping into enterprise workflows increase. “A full 83% of users accessing personal app instances on corporate devices. The average enterprise user uploads 20 files to personal apps each month from these managed devices. Personal app usage in the enterprise greatly increases the likelihood of data being mishandled or leaked,” Netskope said in a statement.
Netskope recommends organizations implement the following best practices:
“Cybercriminals increasingly abuse the most trusted and popular cloud apps, especially for cloud phishing and cloud malware delivery,” says Ray Canzanese, threat research director at Netskope. “Enterprises using the cloud need to quickly modernize and extend their security architectures to understand data content and context for apps, cloud services, and web user activity,” he says.
tags
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.
View all postsDon’t miss out on exclusive content and exciting announcements!