According to the latest Cloud Threats Report from cybersecurity firm Netskope, malware attacks delivered through the cloud increased 68 percent in the second quarter of this year, with cloud storage applications accounting for more than 66 percent of cloud malware deliveries.
In Q2 2021, 43% of all malware downloads were malicious Office documents, up from 20% in early 2020. This growth persisted even after Emotet was taken down, suggesting that other attackers have picked up on Emotet's approach and employ similar techniques.
Collaboration apps and development tools accounted for the second largest share, as attackers abused popular chat apps and code repositories to spread malware. In total, Netskope detected and blocked malware downloads from 290 different cloud applications in the first half of 2021.
“Cybercriminals spread malware through cloud applications to bypass blocklists and take advantage of any application-specific allowlists,” the report's researchers explained. “Cloud service providers typically remove most malware immediately, but some attackers have found ways to wreak havoc in a system for a short period of time without being detected.”
According to the report, about 35% of workloads in AWS, Azure, and GCP are exposed to the public Internet, with public IP addresses that can be accessed from anywhere on the Internet. RDP servers have become a “popular penetration vector” for attackers, being exposed in 8.3% of workloads.
The use of cloud applications within enterprises has been growing rapidly, with data showing a 22% increase in adoption of cloud applications in the first half of this year. Large companies with an average of 500-2,000 employees now deploy 805 different applications and cloud services. However, 97% of cloud applications used by enterprises are not managed programmatically and are often adopted by business departments and users for free.
Joseph Carson, Chief Security Scientist and Consulting CISO at ThycoticCentrify, said: “The shift from offline to hybrid work environments that began last year means that network security needs to shift from perimeter-based network security to one focused on cloud, identity and privileged access management.”
Enterprises must adjust the access permissions of employees and users to enterprise business applications and data, further isolate untrusted device networks, and implement security management and control through powerful privileged access mechanisms to improve productivity and access efficiency.