Dive Brief:
- Cloud application credentials are the target for more than one-third of phishing campaigns, according to Netskope's Cloud and Threat report released Wednesday. The research was collected from anonymized usage data from the Netskope Security Cloud platform between January 2020 and Dec. 31, 2020. Netskope data drew on insights from "millions of users," the company said.
- At the end of 2020, 61% of malware was delivered via cloud-based apps, compared to 48% in Q1 2020, according to the report. Microsoft OneDrive, Amazon S3, Microsoft SharePoint, Box and GitHub were among the most popular apps used to deliver malware.
- In 2020, 13% of phishing pages were found in cloud services, according to Netskope. Hackers are successful in cloud-based phishing and malware attacks because they pursue "trusted domains, valid certificates, and the practice of allow-listing popular apps to bypass inline defenses only reduces friction for attack success," according to the report.
Dive Insight:
Phishing and malware pushed companies to focus on protecting endpoints and assessing cloud storage security, especially in a remote work environment.
Hackers targeting cloud app credentials hide in plain sight because they can avoid phishing-detection solutions. Familiar-looking domains or websites accompanied by HTTPS certificates are the perfect place for phishing attacks to hide, according to Check Point. Hackers latch onto public cloud services, such as Google Cloud or Microsoft Azure, for hosting the phishing pages.
"The attackers can overcome this obstacle and disguise their malicious intent, improving their chances of ensnaring even security-savvy victims," said Check Point.
The remote workforce set up a perfect storm for hackers with unfettered access to the cloud. The use of cloud-based applications increased 20% year over year in 2020, according to the report. Organizations with between 500 and 2,000 employees use 664 "distinct cloud apps" monthly.
Before the pandemic sent employees home, for companies that are cloud-first or cloud-only, there was no local infrastructure tying them to an office, said Barak Engel, founder and chief geek at EAmmune, while speaking on a virtual SANS Institute fireside chat in January.
Organizations unaccustomed to that cloud-only model, where they still manage a local IT infrastructure, likely feel "there's an increased attack surface because you're not used to that," said Engel. "I'm just not sure how much of it is an actual increase in the attack surface" versus what is perceived as an increase in attack surface. "One may not match the other," he said.
The high volume of cloud apps doesn't directly correlate with weakened security. It's the quality of the apps that matters. Nearly half of the apps used in enterprises were ranked as having a poor Cloud Confidence Index (CCI), according to Netskope.
The company uses the CCI audit to compare cloud services against their peers in security. Of those low-graded apps found in the enterprise, the top apps employees upload data to include Yahoo Mail, ILovePDF and PDF to PNG.