Hackers Increasingly Targeting Cloud Apps to Distribute Malware
Hackers are increasingly using cloud apps for malware delivery, according to the latest Netskope Threat Labs Report. Historically, malicious actors have relived on email and malicious URLs for malware delivery and security solutions have been developed to protect against these attack vectors. Secure email gateways can detect and block malicious email attachments and URL filtering blocks access to malicious websites and as defenses against these vectors have improved, threat actors have had to look for alternative ways to deliver their malicious payloads and many are now taking advantage of the increasing popularity of enterprise cloud apps.
As is the case with other industries, cloud apps have proven popular in healthcare for improving productivity and supporting a remote workforce. The average enterprise healthcare user interacts with 22 cloud apps a month, with 94% of enterprise healthcare users downloading data from cloud apps each month. The most popular cloud apps in healthcare are OneDrive, Microsoft Teams, SharePoint, and Google Drive, with OneDrive used by 36% of enterprise healthcare users each day.
These cloud apps are being increasingly used by malicious actors for malware delivery, according to Netskope. Cloud apps were leveraged in 38% of malware infections in March 2022, and 42% of malware infections in February 2023. By utilizing cloud apps for malware delivery, malicious actors are able to bypass standard security solutions such as spam and URL filters, which do not inspect cloud traffic.
OneDrive is the most popular cloud app in healthcare, and it is the one that is most frequently abused by malicious actors for malware delivery, followed by the free web hosting service, Weebly, and the cloud-based content management, file sharing, and collaboration app, Box. Malware infections through Box were 6.6% higher in healthcare than in other industries and accounted for 12% of malware infections.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The malware most commonly delivered through web apps over the past 12 months is Trojans, which provide threat actors with an initial foothold in a network. Trojans are delivered by initial access brokers who sell that access to other cybercriminal groups or use that foothold to deliver other malware or legitimate tools that allow them to move laterally and achieve a much more extensive compromise. Downloaders are also commonly distributed via cloud apps, followed by file-based exploits for exploiting known unpatched vulnerabilities, information stealers, and backdoors.
As cloud apps become more popular and data uploads and downloads from cloud apps increase, abuse of these apps is only likely to increase and they are a potential weak point in security. It is important to inspect all HTTP and HTTPS downloads, including those from cloud apps, and to subject all risky file types – such as executable files – to static and dynamic analysis before they are downloaded. Consider restricting access to or blocking downloads from cloud apps that you do not specifically authorize for use, and block uploads to those apps to limit the potential for data exposure. Netskope also recommends implementing an intrusion prevention system that is capable of identifying and blocking malicious traffic patterns.