September 23, 2021 By David Bisson 2 min read

Cloud apps are now the most common way digital attackers distribute malware. In the second quarter of 2021, researchers found that 68% of malware downloads originated from cloud apps, reported ZDNet. In order to keep your cloud security up, it’s important to know where problems might come from. Specifically, cloud-based misconfigurations could often be a contributing factor. Read on to learn what types of apps factored into these attacks.

Where Cloud Security Problems Start

According to a study by Netskope, most (66.4%) of malware instances in Q2 2021 started with cloud storage apps. They were followed by collaboration apps and development tools at 8.5% and 7.8%, respectively.

Meanwhile, infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) platforms accounted for the lowest proportion of malware downloads, at 3.1% for the quarter.

By using cloud apps, attackers can “bypass blocklists and take advantage of any app-specific allow lists.”

“Although attacks launched from the cloud are typically short-lived — the cloud service provider removes the malicious content when it is reported — attackers have illustrated that they can capitalize on the attack within the short time window that they have,” according to Netskope.

Cloud Complexity Can Lead to Problems

This amount of malware comes with an increasing rise in the number of cloud apps, the number of which used by enterprises increased 22% during the first half of 2021. Groups with upwards of 2,000 employees now use 805 distinct cloud apps.

With so many, it can be hard to manage those services. Sometimes, it’s a question of knowing that all those cloud apps exist in the first place. Per the study, 97% of the cloud apps were shadow IT that existed outside the purview of the IT department.

There’s also the issue of configuring all those apps in a way that aligns with security needs. Gartner predicted that 99% of all cloud security failures will be the customer’s fault through 2025. That’s the same proportion of IaaS misconfigurations that never get noticed, as shared by Help Net Security.

Cloud Security: How to Prevent Malware

The key is to have visibility over the cloud environments you use. So, many organizations are turning to cloud security posture management along with cloud-native security tools to gain it.

As part of their ongoing cloud journeys, organizations need to also develop security baselines for all their assets, including their cloud-based apps. It’s then up to them to align their assets to those baselines, monitor for configuration drift so that they can fix potential issues and update those baselines in a way that matches the evolving threat landscape.

More from News

Europe’s Cyber Resilience Act: Redefining open source

3 min read - Amid an increasingly complex threat landscape, we find ourselves at a crossroads where law, technology and community converge. As such, cyber resilience is more crucial than ever. At its heart, cyber resilience means maintaining a robust security posture despite adverse cyber events and being able to anticipate, withstand, recover from and adapt to such incidents. While new data privacy and protection regulations like GDPR, HIPAA and CCPA are being introduced more frequently than ever, did you know that there is new…

Feds release urgent guidance for U.S. water sector

3 min read - The water and wastewater sector (WWS) faces cybersecurity challenges that leave it wide open to attacks. In response, the CISA, EPA and FBI recently released joint guidance to the sector, citing variable cyber maturity levels and potential cybersecurity solutions. The new Incident Response Guide (IRG) provides the water sector with information about the federal roles, resources and responsibilities for each stage of the cyber incident response lifecycle. Sector owners and operators can use this information to augment their incident response…

What to expect from the new National Cyber Director

4 min read - As cyber threats show no sign of slowing down in terms of sophistication and frequency, the role of the National Cyber Director (NCD) in the United States is becoming a cornerstone of the nation’s defense strategy. Inaugural NCD Chris Inglis set a high bar for the office during his tenure, steering the country through a gauntlet of cyber challenges. Now, as Harry Coker Jr. steps into this critical role, he faces a landscape that continues to evolve with new threats on…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today