Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

2/24/2021
05:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Netskope Research Finds Majority of Malware Now Delivered via Cloud Apps

SANTA CLARA, Calif. – Feb 24, 2021 – Netskope, the leading security cloud, today revealed new research showing that the majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk. 

The findings are part of the February 2021 Netskope Cloud and Threat Report, which analyzes the most interesting trends on enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers. 

“Cybercriminals increasingly abuse the most trusted and popular cloud apps, especially for cloud phishing and cloud malware delivery,” said Ray Canzanese, Threat Research Director at Netskope. “Enterprises using the cloud need to quickly modernize and extend their security architectures to understand data content and context for apps, cloud services, and web user activity.”

Key Findings

Based on anonymized data collected from the Netskope Security Cloud platform across millions of users from January 1, 2020 through December 31, 2020, key findings of the report include: 

Cloud use on the rise. In 2020, the number of cloud apps in use per organization increased 20%. Organizations with 500 — 2,000 employees now use on average 664 distinct cloud apps per month. Of those apps, nearly half have a “Poor” Cloud Confidence IndexTM (CCI), a measure pioneered by Netskope to determine a cloud service’s enterprise readiness. 

Malware delivery continues to shift into the cloud, with 61% of all malware delivered via a cloud app, up from 48% year-over-year. 

Popularity of cloud apps in the enterprise makes them a target for phishing attacks. Cloud apps are now the target of one in three (36%) phishing campaigns. While the majority of phishing lures are still hosted on traditional websites, attackers are increasingly using cloud apps to gain footholds in organizations.

The volume of malicious Microsoft Office documents increased by 58%, as attackers are increasingly using malicious Office documents as Trojans to deliver next stage payloads, including ransomware and backdoors. Using cloud app delivery to evade legacy email and web defenses, malicious Office documents represent 27% of all malware downloads detected and blocked by the Netskope Security Cloud. 

Sensitive data in personal apps continues to grow. As work and home life continue to blend in the remote workforce, personal app instances in the enterprise increase, with 83% of users accessing personal app instances on corporate devices. The average enterprise user uploads 20 files to personal apps each month from these managed devices. Personal app usage in the enterprise greatly increases the likelihood of data being mishandled or leaked.

The Netskope Cloud and Threat Report is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyze the latest cloud threats affecting enterprises.

Get the full report here.

About Netskope

The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and delivers data-centric security from one of the world’s largest and fastest security networks, empowering the largest organizations in the world with the right balance of protection and speed they need to enable business velocity and secure their digital transformation journey. Reimagine your perimeter with Netskope.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27394
PUBLISHED: 2021-04-16
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions <...
CVE-2020-9667
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.
CVE-2020-9668
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
CVE-2020-9681
PUBLISHED: 2021-04-16
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.
CVE-2021-26830
PUBLISHED: 2021-04-16
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.