Malicious actors taking advantage of popular cloud platforms
Cloud applications are now the number one distributor of malware, with Google Drive the most popular among malicious actors, new research has claimed.
A report from Netskope says two-thirds of all malware distributed in 2021 went through cloud apps. Although the percentage of malware distributed through cloud apps rose throughout 2020, it plateaued for most of 2021, a trend that Netskope expects to continue this year as well.
Of all the cloud apps used for the distribution of malware, cloud storage apps, such as Google Drive, were the most popular. The report’s authors argue this is due to the popularity and ease of use of these tools. The number of cloud storage services that were abused to distribute malicious code rose from 93 in 2020 to more than 230 in 2021.
Stealing data on the way out
Alongside Google Drive, the top five most used platforms are rounded off by OneDrive, SharePoint, Amazon and GitHub.
Most of the time, crooks use these cloud platforms to distribute weaponized Office documents. The share of these documents among all malicious files rose from 19% at the beginning of 2020 to 37% at the end of 2021.
The success of Emotet, Dridex, as well as various other “copycats”, is to blame for this increase.
Cloud apps are also risky due to the “Great Resignation”. Netskope found that during 2021 people were quitting jobs at double the rate of the year before (8% in 2021, compared to 4% in 2020). Sometimes, people leaving the company take sensitive data with them and, in the absence of better options, upload these documents to cloud storage apps.
The report says that between 2020 and 2021, an average of 29% of users downloaded more files from managed corporate instances, while 15% uploaded more files to their personal app instances, all in the last 30 days of employment.
Of those people, half uploaded five times more files than they’d usually upload, while 8% uploaded 100 times their usual data volume. A tiny portion (1%) uploaded more than 1000 times their usual data volume, prompting Netskope to conclude that there is “significant and deliberate movement” of data by users about to quit.