Cloud Apps Replace Web as Source for Most Malware Downloads

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.

New research shows that enterprise organizations these days are far more likely to experience malware downloads from cloud applications than any other source.

Researchers at Netskope recently analyzed data gathered from customer networks and discovered that more than two-thirds of malware downloaded to enterprise networks between Jan. 1, 2020, and Nov. 30, 2021, originated from cloud applications. The security vendor found that cloud-delivered malware has become more prevalent than malware delivered via the Web and via malware-laced websites.

Much of the shift has to do with convenience and cost for attackers, says Ray Canzanese, director of Netskope Threat Labs.

Cloud storage apps offer free or low-cost file hosting services and give attackers a way to reach many potential victims. "Attackers trying to get a foothold in an organization know that a user is more likely to open a link to a service that they regularly use," such as Google Drive, he says. "If an attacker sent me a link to download a file from Dropbox, I might not click on it because I rarely use Dropbox for work."

Significantly, many widely used cloud apps are relatively trivial to abuse, though major cloud service providers are getting better at spotting and taking down malicious activity quickly. Attackers can easily create a free account for many cloud storage apps and just start uploading malware samples to them, Canzanese says.

"Then they share links to that content, either natively through the app or by generating a publicly accessible link and sharing it via email, social media, malicious websites, text messages, or any other means," he notes.

Netskope's analysis showed that Google Drive has replaced Microsoft OneDrive as the cloud app that attackers most frequently use to try to distribute malware to enterprise networks. In fact, most cloud malware in 2021 was hosted and distributed via Google Drive.

At the same time, malware spread via weaponized Microsoft Office documents jumped to 37% of all malware downloads, nearly doubling from 19% at the beginning of 2020. At least some of the increased volume was related to a spam campaign in the second quarter of 2020 involving the Emotet Trojan, which used malicious Microsoft Office documents. Since then, numerous other attackers have copied the tactic and contributed to a steady increase in the use of Office documents to distribute malware over the last six quarters.

"No matter which cloud apps your company uses, attackers are abusing them," Canzanese says.

Google Drive, OneDrive, and Box are attacker favorites. But they are by far not the only cloud apps that attackers are leveraging to distribute malware. Netskope blocked malware downloads from as many as 230 different cloud apps in 2021. "Chances are that the apps that many organizations trust are on this list," he notes.

New Challenge

For security teams, the shift to cloud-based malware delivery presents a new challenge.

"Organizations that have taken a 'trust the apps we use approach' should shift to a more defensive policy that scans downloads from and uploads to those apps," Canzanese says. Organizations need to take a zero-trust approach to scanning content that users upload and download, regardless of origin. Also important is the need for organizations to use single sign-on and multifactor authentication to protect cloud app accounts, he notes.
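To make the policy shift concrete, here is an added illustration (not code from Netskope or the article) that runs a "trust the apps we use" policy and a scan-everything policy side by side over a constructed proxy log. The sanctioned-app hostnames, the file-type sets and the log line format are assumptions.

```python
import os
from urllib.parse import urlparse
# Constructed: hostnames the organisation treats as sanctioned cloud apps.
CLOUD_APP_HOSTS = {"drive.google.com": "Google Drive", "onedrive.live.com": "OneDrive",
                   "app.box.com": "Box"}
# File types the article singles out: weaponised Office documents, plus executables.
OFFICE_EXT = {".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".ppt", ".pptx"}
EXEC_EXT = {".exe", ".dll", ".msi", ".js", ".vbs"}
# Constructed proxy log, one download per line: user method url bytes filename
SAMPLE_LOG = """\
alice GET https://drive.google.com/uc?export=download&id=ABC123 14322 invoice.docm
bob   GET https://onedrive.live.com/download?cid=1&resid=2 90112 report.xlsx
carol GET https://example.net/files/setup.exe 55000 setup.exe
dave  GET https://app.box.com/shared/static/abcdef.pdf 2048 abcdef.pdf
"""

def cloud_app(url):
    """Name of the sanctioned cloud app serving this URL, or None for the open web."""
    return CLOUD_APP_HOSTS.get(urlparse(url).hostname)

def risky_type(filename):
    """Classify the download by extension; None means a type the policy does not inspect."""
    ext = os.path.splitext(filename)[1].lower()
    return "office" if ext in OFFICE_EXT else "executable" if ext in EXEC_EXT else None

def scan_everything_policy(url, filename):
    """Zero-trust policy: every risky download is scanned, regardless of origin."""
    return "scan" if risky_type(filename) else "allow"

def trust_the_app_policy(url, filename):
    """Legacy policy: anything served by a sanctioned app passes uninspected."""
    return "allow" if cloud_app(url) else scan_everything_policy(url, filename)

def triage(log):
    rows = []
    for line in log.splitlines():
        user, _method, url, _size, filename = line.split()
        rows.append({"user": user, "app": cloud_app(url) or "web", "file": filename,
                     "legacy": trust_the_app_policy(url, filename),
                     "zero_trust": scan_everything_policy(url, filename)})
    return rows

def blind_spots(rows):
    """Downloads the legacy policy waved through that the zero-trust policy would scan."""
    return [r for r in rows if r["legacy"] == "allow" and r["zero_trust"] == "scan"]

def cloud_share(rows):
    """Fraction of risky downloads served by sanctioned cloud apps rather than the web."""
    risky = [r for r in rows if risky_type(r["file"])]
    return sum(r["app"] != "web" for r in risky) / len(risky) if risky else 0.0
```

On the constructed log, the two Office documents fetched from Google Drive and OneDrive are exactly the downloads the legacy policy never inspects, which is the gap the scan-everything policy closes.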

Netskope's analysis showed that threat actors are also actively targeting managed cloud apps — or cloud apps such as Google Workspaces or Office 365, which a centralized IT function might manage — in credential attacks. In many instances, the goal is to try to gain access to the data stored in these apps, or to use the app to gain a broader foothold on a compromised network.

Cloud service providers and enterprise security teams both face challenges keeping a step ahead of attackers abusing cloud apps, Canzanese says. But some cloud providers are making things harder for attackers, he says.

Services like Google Drive and OneDrive do malware scanning, which means attackers must craft payloads that cannot be automatically detected and blocked. When an attack is discovered, such services are usually quick at taking down the activity, which means threat actors have only a limited time window for carrying out an attack, he says.

"For most cloud service providers," Canzanese says, "one challenge is to respond to abuse notifications in a timely manner, to ensure that attacks are stopped quickly after they are discovered."


Source: https://www.darkreading.com/cloud/cloud-apps-replace-web-as-source-for-most-malware-downloads


If you are interested in this content, you can follow my LinkedIn and Twitter accounts and access more content.

