The realm of cloud-based security is experiencing an alarming surge in threats, outpacing previous growth rates, as cybercriminals devise new and inventive techniques to exploit this cutting-edge technology. According to Netskope’s recent Cloud & Threat Report on Global Cloud and Web Malware Trends, over half (55%) of all malware downloads via HTTP and HTTPS protocols now originate from cloud applications, representing a significant increase from the 35% reported during the same period the previous year.
This substantial year-on-year rise can be attributed to the mounting instances of malware downloads from popular enterprise cloud apps. Microsoft’s OneDrive has emerged as the most favoured enterprise app by a considerable margin. Additionally, Netskope identified 261 distinct malicious applications in Q1 of this year, indicating a continued upward trend in the proliferation of malware-infected apps.
Compounding the issue, only a fraction of web malware downloads can be traced back to the so-called “risky web categories.” The majority of these downloads are dispersed across various sites, with content delivery networks (CDNs) being the primary medium, accounting for 7.7% of the market share.
In Q1 2023, approximately five out of every 1,000 enterprise users attempted to download malware, with nearly three-quarters (72%) of these downloads comprising new variants. Alarmingly, almost 10% of all downloads originated from search engine queries, as threat actors exploit data voids and engage in SEO poisoning for rare search results. This represents just one of the many rapidly evolving social engineering techniques employed by attackers, as highlighted by the researchers.
Notably, social engineering remains the dominant method for malware delivery, with email, collaboration apps, and chat apps being exploited to deceive individuals into downloading malware. Trojans emerged as the most prevalent type of malware, accounting for 60% of all downloads while phishing downloads constituted 13% of the total.
As cloud adoption continues to soar, organizations must remain vigilant and prioritize robust security measures to counteract the escalating cloud-based security threats. Proactive defences, user education, and comprehensive security solutions are essential in mitigating the risks and safeguarding sensitive data within cloud environments.
