Cloud Apps Replace Web as Source for Most Malware Downloads


New research shows that enterprise organizations these days are far more likely to experience malware downloads from cloud applications than any other source.

Researchers at Netskope recently analyzed data gathered from customer networks and discovered that more than two-thirds of malware downloaded to enterprise networks between Jan. 1, 2020, and Nov. 30, 2021, originated from cloud applications. The security vendor found that cloud-delivered malware has become more prevalent than malware delivered via the Web and via malware-laced websites.

Much of the shift has to do with convenience and cost for attackers, says Ray Canzanese, director of Netskope Threat Labs.

Cloud storage apps offer free or low-cost file hosting services and give attackers a way to reach many potential victims. “Attackers trying to get a foothold in an organization know that a user is more likely to open a link to a service that they regularly use,” such as Google Drive, he says. “If an attacker sent me a link to download a file from Dropbox, I might not click on it because I rarely use Dropbox for work.”

Significantly, many widely used cloud apps are relatively trivial to abuse, though major cloud service providers are getting better at spotting and taking down malicious activity quickly. Attackers can easily create a free account for many cloud storage apps and just start uploading malware samples to them, Canzanese says. 

“Then they share links to that content, either natively through the app or by generating a publicly accessible link and sharing it via email, social media, malicious websites, text messages, or any other means,” he notes.

Netskope’s analysis showed that Google Drive has replaced Microsoft OneDrive as the cloud app that attackers most frequently use to try to distribute malware to enterprise networks. In fact, most cloud malware in 2021 was hosted and distributed via Google Drive.
