Light Dark
April 13, 2021 By David Bisson 2 min read
News

Malware actors aren’t struggling to adapt their attack campaigns to cloud applications. If they were, then they probably wouldn’t have sent 61% of their malicious payloads in 2020 via cloud-based apps.

That’s up from 48% of malware samples in 2019, according to a study from Netskope. This reveals the extent to which digital attackers are turning to the cloud more and more. This preference comes with certain advantages; using cloud apps helps the attackers evade older email and web defense solutions.

Read on to learn more about how cloud-based apps factor into attacks.

The Importance of Cloud App Security

As noted in the report, the number of cloud applications leveraged by enterprise increased 20% over the course of 2020. Organizations with at least 500 employees and at most 2,000 workers are now using an average of 664 distinct cloud apps each month.

Half of those programs registered a ‘Poor’ rating on the study’s Cloud Confidence Index. This finding shows that many of the cloud apps weren’t ready for enterprise use.

It’s therefore not surprising that digital attackers are using these apps to distribute cloud malware. To be specific, more than half (58%) turned to malicious Microsoft Office documents. They could use these as a means of sending ransomware, back doors and other threats.

At the same time, they’re using cloud apps in other ways, too. Attackers now target cloud-based apps in more than one-third (36%) of phishing attacks as a means of gaining a foothold in the target’s network.

More Recent Cloud App Breaches

Some examples would be useful here. In September 2020, for instance, Proofpoint witnessed a threat actor known as ‘TA2552’ using Spanish-language lures in order to trick users into visiting Microsoft-themed consent pages. Those pages instructed the users to grant a third-party application read-only user permissions to their Office 365 account — rights that the attackers could have used to steal a victim’s information and/or conduct identity theft.

In another piece of research, Proofpoint discovered 180 distinct cloud applications using ‘consent phishing’ tactics in an attempt to access cloud resources over the course of 2020.

Proofpoint wasn’t the only security vendor that spotted malicious actors misusing cloud applications. In October 2020, for instance, Cisco Talos observed the DoNot APT team spreading a new threat called Firestarter. The attackers had the malware interact with the Google Firebase Cloud Messaging cloud solution in order to pinpoint the final payload location.

How to Defend Against Cloud App Misuse

The examples described above highlight the need for groups to defend themselves against misuse of cloud applications. One of the ways they can do this is by managing access to their cloud-based apps. Knowing phishers’ growing preference for these types of programs, consider using multifactor authentication and enabling single sign-on. These controls will help to limit who can access what within those apps.

Organizations also need to prevent digital attackers from gaining access to the information stored within their cloud applications. Towards that end, they should consider using data encryption. Not only will this help to render sensitive information inaccessible in the event of a data breach, but it might also prevent a ransomware strain from activating its encryption routine if an infection does succeed.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from News
November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

October 28, 2024

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature