Cloud-Delivered Malware Spikes in 2022

By Greg Tavarez, TMCnet Editor  |  January 16, 2023

Cloud applications and cloud infrastructure are more and more relied upon throughout most industries today, especially after the accelerated push from the COVID-19 pandemic towards more hybrid and/or remote work.

Cloud applications are convenient because employees can access them from anywhere at any time. But employees are not the only ones who want access to company cloud apps. Attackers do as well, and they view these apps as an ideal place to host malware: a familiar domain that users trust and that corporate policy already allows.

And they are doing just that. Research from Netskope Threat Labs reports that more than 400 distinct cloud applications delivered malware in 2022, nearly triple the number seen in 2021. Of those downloads, Netskope researchers report that 30% of all cloud malware downloads originated from Microsoft OneDrive.

There isn’t one industry predominantly falling victim, either. Telecom, manufacturing, retail and healthcare all saw spikes in cloud-delivered malware in 2022 compared to 2021.

The overall increase in malware downloads comes down to attacker tactics, user behavior and company policy. A cloud malware download occurs when malware is successfully uploaded to and shared from a cloud app, a user is tricked into downloading it, and company policy allows that user to reach the file.

The threat will persist as long as cloud applications are in use, so organizations need to find ways to better protect themselves.

To guard against the rise in cloud-delivered malware, organizations should ensure that all HTTP and HTTPS traffic, including traffic for popular cloud apps, is inspected for malicious content. Organizations can also reduce their attack surface by restricting downloads from apps that serve no valid business purpose. Restricting or applying extra scrutiny to file types commonly abused by attackers, such as EXE, DLL, BAT, REG, ISO and LNK, further reduces malware risk.

Netskope also recommends deploying multi-layered, inline threat protection for all cloud and web traffic to block both inbound malware and outbound malware communications, and enabling MFA for unmanaged enterprise apps.
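The two recommendations above, restricting downloads from unsanctioned cloud apps and scrutinizing risky file types from sanctioned ones, boil down to a triage rule that can be run over proxy logs. The following is an added example written for this page, not code from the article or from Netskope. The log format, the sanctioned and unsanctioned domain lists, and the sample log lines are all constructed assumptions standing in for an organization's real policy and its real proxy output.

```python
"""Triage cloud-app downloads from proxy logs (added example, not Netskope's code)."""
import re
from urllib.parse import urlsplit, unquote

# Assumed: file types commonly abused for payload delivery. The first six are
# the ones named in the article; the rest are added as illustration.
RISKY_EXTENSIONS = {"exe", "dll", "bat", "reg", "iso", "lnk",
                    "scr", "vbs", "js", "hta", "msi"}

# Assumed policy (hypothetical): cloud storage the business has sanctioned,
# and cloud storage that serves no business purpose for this organization.
SANCTIONED_CLOUD = {"onedrive.live.com", "sharepoint.com"}
UNSANCTIONED_CLOUD = {"mega.nz", "dropbox.com", "drive.google.com"}

# Assumed proxy log format: "<timestamp> <user> <method> <url> <status> <bytes>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def file_extension(url: str) -> str:
    """Lowercased final extension of the URL path, ignoring the query string.

    Percent-encoding is decoded first so 'setup%2Elnk' is seen as 'setup.lnk',
    and only the last extension counts, so 'Invoice.pdf.EXE' yields 'exe'.
    """
    path = unquote(urlsplit(url).path)
    name = path.rsplit("/", 1)[-1]
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[-1].lower()


def host_matches(host: str, domains) -> bool:
    """True if host equals one of the domains or is a subdomain of it."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(line: str):
    """Return a triage record for a completed cloud download, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed line; a real pipeline would count these
    _ts, user, method, url, status, _nbytes = m.groups()
    if method != "GET" or status != "200":
        return None  # only successful downloads matter here
    host = urlsplit(url).hostname or ""
    ext = file_extension(url)
    if host_matches(host, UNSANCTIONED_CLOUD):
        return {"user": user, "host": host, "ext": ext, "verdict": "block",
                "reason": "download from cloud app with no business purpose"}
    if host_matches(host, SANCTIONED_CLOUD) and ext in RISKY_EXTENSIONS:
        return {"user": user, "host": host, "ext": ext, "verdict": "inspect",
                "reason": f"risky file type .{ext} from sanctioned cloud app"}
    return None


def triage(lines):
    """Run classify over every log line and keep only the hits, in order."""
    return [r for r in (classify(line) for line in lines) if r]


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2023-01-10T09:12:01Z alice GET https://onedrive.live.com/download?cid=ABC&resid=123 200 5120",
    "2023-01-10T09:15:44Z bob GET https://mycompany-my.sharepoint.com/personal/bob/Documents/Invoice.pdf.EXE 200 88064",
    "2023-01-10T09:20:03Z carol GET https://mega.nz/file/abcd1234 200 2048000",
    "2023-01-10T09:21:17Z dave GET https://onedrive.live.com/share/setup%2Elnk?authkey=xyz 200 1024",
    "2023-01-10T09:25:30Z erin GET https://www.example.com/readme.txt 200 300",
    "2023-01-10T09:30:00Z frank GET https://onedrive.live.com/download/report.dll 404 0",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['verdict']:7} {hit['user']:6} {hit['host']:30} {hit['reason']}")
```

The point of the two verdicts is that they map to the two controls in the text: traffic to apps with no business purpose is blocked outright regardless of file type, while traffic to sanctioned apps is allowed but risky file types are pulled aside for inline inspection. Note what the example deliberately catches: a double extension, a percent-encoded extension, an uppercase extension, and a download from a company SharePoint tenant that still carries an executable. Distinguishing company from personal instances of the same app, which Netskope's quote below calls out, would require tenant-aware matching that this simple host list does not attempt.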

"Attackers are increasingly abusing business-critical cloud apps," said Ray Canzanese, threat research director, Netskope Threat Labs. "It is imperative that more organizations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content."

Remote and hybrid work continue to pose cybersecurity challenges, and organizations and IT leaders are under pressure to give users secure access to the company resources they need to do their jobs.

Edited by Alex Passett