Dive Brief:
- Cloud apps are the leading malware distributor, overtaking web downloads, according to research from Netskope. The research is based on anonymized data collected from the Netskope Security Cloud between Jan. 1, 2020 and Nov. 30, 2021.
- Widespread adoption led cloud storage apps to account for 69% of malware downloads in 2021.
- Google Drive replaced Microsoft OneDrive as the app with the most malware downloads in 2021, representing 37% of malware downloads, compared to OneDrive at 20%. The remaining top apps for malware downloads include SharePoint, Amazon S3 and GitHub.
Dive Insight:
Attackers leverage popular cloud apps because users trust solutions they use daily.
"The most concerning finding was the continuing trend of malicious Office documents and cloud app abuse for malware delivery. It is not just that attackers are continuing to deliver malicious content using Office docs and cloud apps, but that they continue to have success in reaching users," said Ray Canzanese, threat research director at Netskope Threat Labs, via email.
Because Netskope's findings are based on blocked malware, attackers' attempts to get users to open a malicious download were initially successful.
Threat groups, including Emotet, took advantage of cloud apps in 2020, with cloud apps increasing from 46% of malware delivery in Q1 to 65% in Q4. However, last year cloud-based malware delivery plateaued at about 66% from Q2 through Q4, the report said. Netskope expects the trend to continue into 2022.
Cryptominers and ransomware are the most common malware in cloud environments, IBM found. Bad actors are creating malware customized for the cloud and updating old malware to focus on Docker containers, writing it in languages like Golang so it runs cross-platform, the 2021 IBM Security X-Force Cloud Threat Landscape Report said.
The most popular apps, based on the percentage of users who interact with them, are Microsoft OneDrive, Google Drive, Amazon S3, and Box, Netskope found.
While implementing cloud-based solutions during the pandemic, companies prioritized continuity and productivity, and security fell behind. Companies lack the right skills to monitor the hastily adopted tools, but the industry is resolving the issue.
Over the next five years, the industry expects a 164% increase in application development security skill growth, followed by a 115% increase in cloud security skill growth, according to data from (ISC)².
While the industry upskills talent to incorporate more security, the shared responsibility model, which distributes security between vendors and customers, shows what businesses need to protect. Customers are generally "responsible for minimizing risk of malware exposure," said Canzanese.
"Most cloud storage apps don't do any proactive scanning of customer-uploaded data, but they do have abuse teams that take down content from attackers that abuse their apps," he said. "Some apps, notably Google Drive and Microsoft OneDrive, do some limited signature-based malware scans to limit malicious content from being shared on their platforms."
Canzanese recommends businesses have a scanner in place for detecting malicious content in incoming documents. "A combination of signatures, heuristics and a sandbox can accurately detect and block malicious Office documents before users can open them," he said. And standard security training — that makes users question whether they should click "enable content" when delivered a malicious document — is a must.
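The heuristic stage of the scanner Canzanese recommends can be sketched as below. This is an added example, not code from Netskope or from the article; the function names, finding labels and sample files are constructed for illustration, and signature matching and sandbox detonation themselves are assumed to happen elsewhere.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls/.ppt container
OLE_VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE stream names are UTF-16LE

def triage_office_file(data: bytes) -> dict:
    """Heuristic stage only: decide whether a file goes on to the sandbox."""
    findings = []
    if data.startswith(OLE_MAGIC):
        # Crude byte search; a production scanner would parse the OLE directory.
        if OLE_VBA_STREAM in data:
            findings.append("ole-vba-project")
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for name in z.namelist():
                    lower = name.lower()
                    if lower.endswith("vbaproject.bin"):
                        findings.append("ooxml-vba-macros")
                    elif lower.endswith(".rels"):
                        rels = z.read(name)
                        # A template loaded from a URL can bring macros in at open time.
                        if b"attachedTemplate" in rels and b'TargetMode="External"' in rels:
                            findings.append("ooxml-remote-template")
        except zipfile.BadZipFile:
            findings.append("malformed-zip")
    else:
        return {"action": "skip", "findings": []}  # not an Office container
    return {"action": "sandbox" if findings else "pass", "findings": findings}

def make_ooxml(members: dict) -> bytes:
    """Build a constructed OOXML-like zip in memory (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: placeholder bytes, no real macro code.
CLEAN = make_ooxml({"word/document.xml": "<w:document/>"})
MACRO = make_ooxml({"word/document.xml": "<w:document/>", "word/vbaProject.bin": b"\x00demo"})
REMOTE = make_ooxml({"word/_rels/settings.xml.rels":
    '<Relationship Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/'
    'attachedTemplate" Target="https://example.invalid/t.dotm" TargetMode="External"/>'})
LEGACY = OLE_MAGIC + b"\x00" * 64 + OLE_VBA_STREAM

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("macro", MACRO), ("remote", REMOTE), ("legacy", LEGACY)):
        print(label, triage_office_file(blob))
```

A file that is flagged here is only a candidate: macro-enabled documents are often legitimate, which is why the flagged set is handed to signatures and a sandbox rather than blocked outright.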