New research by Netskope, a secure access service edge (SASE) specialist, found that more than 400 unique cloud applications delivered malware in 2022, nearly triple the number from the prior year.
Where's the Malware Originating From?
The Santa Clara, California-based company’s data also showed that some 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive. Netskope’s Cloud & Threat Report for 2022 found that more than 25% of users worldwide uploaded documents daily to Microsoft OneDrive, while 7% did so for Google Gmail and 5% for Microsoft SharePoint.
The drastic increase in active cloud users across a record number of cloud applications led to an increase in cloud malware downloads in 2022 compared with 2021, Netskope’s researchers said.
As Ray Canzanese, Netskope threat research director, explained:
"Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls. That is why it is imperative that more organizations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content."
The Study, by the Numbers
In 2022, several geographic regions saw significant increases in the overall percentage of cloud- vs. web-delivered malware compared to 2021, including:
- Australia (50% in 2022 compared to 40% in 2021)
- Europe (42% in 2022 compared to 31% in 2021)
- Africa (42% in 2022 compared to 35% in 2021)
- Asia (45% in 2022 compared to 39% in 2021)
In certain industries, cloud-delivered malware also became more prevalent worldwide:
- Telecom (81% in 2022 compared to 59% in 2021)
- Manufacturing (36% in 2022 compared to 17% in 2021)
- Retail (57% in 2022 compared to 47% in 2021)
- Healthcare (54% in 2022 compared to 39% in 2021)
Regarding Cyber Preparedness
Remote and hybrid work dynamics continue to pose multiple cybersecurity challenges, including how to securely provide users access to the company resources they need to do their jobs and how to scalably and securely provide users access to the internet.
Netskope recommends organizations take the following actions to avoid increased risk of security incidents stemming from cloud- and web-delivered malware:
- Enforce granular policy controls to limit data flow, including flow to and from apps, between company and personal instances, among users, and to and from the web, adapting the policies based on device, location, and risk.
- Deploy multi-layered, inline threat protection for all cloud and web traffic to block inbound malware and outbound malware communications.
- Enable multi-factor authentication for unmanaged enterprise apps.