
As more organizations have turned to the cloud to store and work with their data, applications and other assets, cybercriminals are increasingly exploiting cloud-based services to set up malicious downloads. A new report from network security provider Netskope looks at the rise in cloud-delivered malware and provides tips on how to protect your organization from these threats.


Why the shift to the cloud has led to more cloud-based malware

The shift to hybrid and remote work has led to a greater use of apps such as Microsoft OneDrive, SharePoint and Microsoft Teams, and there was a dramatic rise in the number of users uploading content to these and other cloud-based services in 2022. Last year, more than 25% of people around the world uploaded documents each day to Microsoft OneDrive, 7% to Google Drive and 5% to Microsoft SharePoint.


The delivery of cloud-based malware also shot up in 2022, triggered by an increase in the volume of apps being exploited to launch malware and the number of malicious downloads from popular apps. For the year, Netskope found 400 distinct cloud applications delivering malware, almost triple the number of the previous year. Some 30% of all malicious downloads from the cloud came from Microsoft OneDrive, followed by 8.6% from web hosting site Weebly and 7.6% from the software hosting site GitHub.

Why cloud-based attacks succeed

Malware cyberattacks that exploit OneDrive and other sites are successful for three reasons: tactics, user behavior and company policy. For a malicious cloud-based download to work, the attacker must use the right tactics to upload and share the malware from the cloud app. Then a user must be duped into downloading the malware. Finally, company policy must allow the employee to gain access to the malicious file.

Other types of threats, such as phishing scams, credit card skimmers and fake websites, have helped attackers disguise their malicious content to fool unsuspecting victims. Some 94% of malicious web content seen last year was delivered via these threats.

Where the biggest increases in malware occurred in 2022

In 2022, the biggest increases in cloud-delivered malware happened in Australia and Europe, while the largest decline was seen in North America. However, the percentage of these malicious downloads remained highest in North America, followed by Australia, Asia and Africa. Looking at different industries, the largest increases in cloud-based malware occurred in healthcare, manufacturing and telecom.

Most of the malicious file types downloaded from the cloud were portable executable files, although the number was actually lower in 2022 than in 2021. The biggest increase last year was in malicious PDF files, followed by plaintext files, including PowerShell, Python and other scripts. Beyond downloadable files, malicious web content found in phishing pages, bitcoin miners and other sites typically consisted of JavaScript that could be executed by the browser.

How to defend against cloud-delivered malware

Netskope offers the following eight cybersecurity recommendations to protect organizations from cloud-delivered malware threats.

1. Use multi-layered security

Take advantage of multi-layered and inline security protection to block inbound and outbound malware for all cloud and web traffic. The right cloud security tools can help you quickly scan all content.

2. Use granular policy controls

Enforce the use of granular policy controls to restrict the flow of data between apps, business and personal access, users and the web. Make sure your policies adapt based on the device, location and level of risk.
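The first two recommendations (inline inspection of every cloud and web download, with policy that separates business from personal access) and the file-type trend described earlier can be illustrated with the following added example. It is not Netskope's code or part of the original article: the corporate OneDrive tenant hostname, the script markers and the allow/quarantine/block labels are constructed assumptions, while the app hostnames are the public ones for OneDrive/SharePoint, Weebly and GitHub.

```python
import re
from urllib.parse import urlparse

# Cloud apps the report names as the top malware sources, keyed by host suffix.
CLOUD_APPS = {
    "sharepoint.com": "onedrive", "onedrive.live.com": "onedrive", "1drv.ms": "onedrive",
    "weebly.com": "weebly",
    "github.com": "github", "githubusercontent.com": "github",
}
# Assumed corporate OneDrive tenant (constructed placeholder): business access.
# Any other instance of the same app counts as personal/unknown access.
CORP_INSTANCES = {"contoso-my.sharepoint.com"}

# Plaintext script markers (shell shebang, PowerShell, Python); assumed set.
SCRIPT_MARKERS = re.compile(
    r"^#!|\bInvoke-Expression\b|\bWrite-Host\b|^param\s*\(|^import\s+\w+|^from\s+\w+\s+import",
    re.IGNORECASE | re.MULTILINE)

def classify(data: bytes) -> str:
    """Type by content, not by filename: the report's rising categories are
    PE executables, PDFs and plaintext scripts."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:5] == b"%PDF-":
        return "pdf"
    if SCRIPT_MARKERS.search(data[:512].decode("utf-8", "ignore")):
        return "script"
    return "other"

def cloud_app(url: str) -> str:
    """Map a download URL to a cloud app name, or 'web' if it is not one."""
    host = (urlparse(url).hostname or "").lower()
    for suffix, app in CLOUD_APPS.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return "web"

def decide(url: str, data: bytes) -> str:
    """Granular policy: allow / quarantine (hold for sandboxing) / block."""
    app, kind = cloud_app(url), classify(data)
    host = (urlparse(url).hostname or "").lower()
    if kind == "other":
        return "allow"                      # low-risk content type
    if host in CORP_INSTANCES:
        return "quarantine" if kind == "pe" else "allow"   # business instance
    if app == "web":
        return "quarantine"                 # plain web download: scan first
    # Personal or unknown instance of a cloud app: no executables or scripts.
    return "block" if kind in ("pe", "script") else "quarantine"
```

Real deployments would feed the decision from the inline proxy and enrich it with device posture and user risk, as recommendation 2 describes.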

3. Use cloud security to limit the flow of sensitive data

Your cloud protection should restrict the movement of sensitive data to prevent it from reaching unauthorized devices, apps and instances.

4. Use real-time coaching to help your users

Real-time coaching and training can teach your users to use safer apps to protect their data and provide the right authentication for any unusual situations.

5. Use remote browser isolation to reduce browsing risks

With remote browser isolation, you can reduce the risk of browsing newly-registered domains, newly-observed domains and uncategorized websites.

6. Turn to multi-factor authentication

To protect against the use of stolen account credentials, implement multi-factor authentication and extend it to include unmanaged apps through your identity service provider or security service edge platform.

7. Take advantage of behavioral analytics

Use behavioral analytics to scan for compromised accounts and devices as well as insider threats.

8. Implement zero trust security policies

Apply zero trust policies to ensure least privilege access to sensitive data. Make sure that your policies provide ongoing monitoring and reporting to reveal any unknown risks or threats.

