Cloud Threats: Malware Delivery, Risky App Usage Climb

We are in uncharted waters with the coronavirus pandemic (working remotely, meeting online, and grappling with the new normal), behavior that has opened doors to a host of cloud-enabled threats, Netskope said in the current edition of its Cloud and Threat Report.

Indeed, owing to COVID-19, the number of people working remotely has risen by 148 percent, and the use of dicey applications and websites, including adult content, from managed devices has spiked 161 percent, the security specialist said. Nearly two in every three workers now work from home or other remote locations.

The report’s findings illuminate how much work life and the application landscape have changed. Here are some of the report’s top-line data:

  • 64% of workers are now remote, a 148% increase.
  • 161% increase in visits to high-risk apps and sites.
  • 600% increase in visits to adult content.
  • 97% increase for personal use of managed devices.
  • 80% increase in the use of collaboration apps.
  • Cloud-based malware delivery (vs. web) increased to 63%.
  • 7% of all users uploaded sensitive corporate data to personal instances of cloud apps.
  • 2% increase in the total number of cloud apps in use in the enterprise, with the largest enterprises now using more than 7,000 apps.

On cloud malware and phishing:
Cloud malware and phishing were the most common cloud threat tactics in the first half of 2020, the report said. The top cloud apps and services from which Netskope blocked malware downloads:

  • Microsoft Office 365 OneDrive for Business.
  • SharePoint.
  • Box.
  • Google Drive.
  • Amazon S3.

Netskope also offered 10 best practices to protect data and users:

  1. Strong authentication and access controls (SSO, MFA).
  2. Adaptive access controls based on the user, app, device, location, data, and destination to selectively grant access to specific activities.
  3. Zero-trust network access to private apps in data centers and public cloud services to reduce exposure of apps and limit network lateral movement.
  4. Continuous security assessment of public cloud services to detect misconfigurations and publicly exposed data.
  5. Cloud inline analysis of managed and unmanaged cloud apps for data context to enable data and threat protection defenses.
  6. Selective and safe enablement of cloud applications based on a third-party risk assessment of applications with the ability to recommend safer alternatives.
  7. Granular policy controls for data movement to and from apps, instances, users, websites, devices, and locations.
  8. Cloud data protection for sensitive data from internal and external threats.
  9. Behavior analysis for anomalies, plus confidence index scores for users with event correlation timelines to visualize changes in behavior.
  10. Real-time coaching to users on activity and data movement with justification collection, proceed/cancel, or warning alerts to change user behavior.

“Cybercrime continues to abuse the most trusted and popular cloud apps, including for cloud phishing and cloud malware delivery,” Netskope said. “Allow/deny no longer works as you need to safely enable cloud and web access as there are many boundary crossings for data movement, plus the delivery of threats that increasingly seek credentials for access to cloud data.”

The report is based on anonymized data collected from the Netskope Security Cloud platform across millions of users from January 1, 2020 through June 30, 2020.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.