Light Dark
April 13, 2021 By David Bisson 2 min read
News

Malware actors aren’t struggling to adapt their attack campaigns to cloud applications. If they were, then they probably wouldn’t have sent 61% of their malicious payloads in 2020 via cloud-based apps.

That’s up from 48% of malware samples in 2019, according to a study from Netskope. This reveals the extent to which digital attackers are turning to the cloud more and more. This preference comes with certain advantages; using cloud apps helps the attackers evade older email and web defense solutions.

Read on to learn more about how cloud-based apps factor into attacks.

The Importance of Cloud App Security

As noted in the report, the number of cloud applications leveraged by enterprise increased 20% over the course of 2020. Organizations with at least 500 employees and at most 2,000 workers are now using an average of 664 distinct cloud apps each month.

Half of those programs registered a ‘Poor’ rating on the study’s Cloud Confidence Index. This finding shows that many of the cloud apps weren’t ready for enterprise use.

It’s therefore not surprising that digital attackers are using these apps to distribute cloud malware. To be specific, more than half (58%) turned to malicious Microsoft Office documents. They could use these as a means of sending ransomware, back doors and other threats.

At the same time, they’re using cloud apps in other ways, too. Attackers now target cloud-based apps in more than one-third (36%) of phishing attacks as a means of gaining a foothold in the target’s network.

More Recent Cloud App Breaches

Some examples would be useful here. In September 2020, for instance, Proofpoint witnessed a threat actor known as ‘TA2552’ using Spanish-language lures in order to trick users into visiting Microsoft-themed consent pages. Those pages instructed the users to grant a third-party application read-only user permissions to their Office 365 account — rights that the attackers could have used to steal a victim’s information and/or conduct identity theft.

In another piece of research, Proofpoint discovered 180 distinct cloud applications using ‘consent phishing’ tactics in an attempt to access cloud resources over the course of 2020.

Proofpoint wasn’t the only security vendor that spotted malicious actors misusing cloud applications. In October 2020, for instance, Cisco Talos observed the DoNot APT team spreading a new threat called Firestarter. The attackers had the malware interact with the Google Firebase Cloud Messaging cloud solution in order to pinpoint the final payload location.

How to Defend Against Cloud App Misuse

The examples described above highlight the need for groups to defend themselves against misuse of cloud applications. One of the ways they can do this is by managing access to their cloud-based apps. Knowing phishers’ growing preference for these types of programs, consider using multifactor authentication and enabling single sign-on. These controls will help to limit who can access what within those apps.

Organizations also need to prevent digital attackers from gaining access to the information stored within their cloud applications. Towards that end, they should consider using data encryption. Not only will this help to render sensitive information inaccessible in the event of a data breach, but it might also prevent a ransomware strain from activating its encryption routine if an infection does succeed.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from News
December 19, 2023

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

August 16, 2023

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature