April 13, 2021 By David Bisson 2 min read

Malware actors aren’t struggling to adapt their attack campaigns to cloud applications. If they were, then they probably wouldn’t have sent 61% of their malicious payloads in 2020 via cloud-based apps.

That’s up from 48% of malware samples in 2019, according to a study from Netskope. This reveals the extent to which digital attackers are turning to the cloud more and more. This preference comes with certain advantages; using cloud apps helps the attackers evade older email and web defense solutions.

Read on to learn more about how cloud-based apps factor into attacks.

The Importance of Cloud App Security

As noted in the report, the number of cloud applications leveraged by enterprise increased 20% over the course of 2020. Organizations with at least 500 employees and at most 2,000 workers are now using an average of 664 distinct cloud apps each month.

Half of those programs registered a ‘Poor’ rating on the study’s Cloud Confidence Index. This finding shows that many of the cloud apps weren’t ready for enterprise use.

It’s therefore not surprising that digital attackers are using these apps to distribute cloud malware. To be specific, more than half (58%) turned to malicious Microsoft Office documents. They could use these as a means of sending ransomware, back doors and other threats.

At the same time, they’re using cloud apps in other ways, too. Attackers now target cloud-based apps in more than one-third (36%) of phishing attacks as a means of gaining a foothold in the target’s network.

More Recent Cloud App Breaches

Some examples would be useful here. In September 2020, for instance, Proofpoint witnessed a threat actor known as ‘TA2552’ using Spanish-language lures in order to trick users into visiting Microsoft-themed consent pages. Those pages instructed the users to grant a third-party application read-only user permissions to their Office 365 account — rights that the attackers could have used to steal a victim’s information and/or conduct identity theft.

In another piece of research, Proofpoint discovered 180 distinct cloud applications using ‘consent phishing’ tactics in an attempt to access cloud resources over the course of 2020.

Proofpoint wasn’t the only security vendor that spotted malicious actors misusing cloud applications. In October 2020, for instance, Cisco Talos observed the DoNot APT team spreading a new threat called Firestarter. The attackers had the malware interact with the Google Firebase Cloud Messaging cloud solution in order to pinpoint the final payload location.

How to Defend Against Cloud App Misuse

The examples described above highlight the need for groups to defend themselves against misuse of cloud applications. One of the ways they can do this is by managing access to their cloud-based apps. Knowing phishers’ growing preference for these types of programs, consider using multifactor authentication and enabling single sign-on. These controls will help to limit who can access what within those apps.

Organizations also need to prevent digital attackers from gaining access to the information stored within their cloud applications. Towards that end, they should consider using data encryption. Not only will this help to render sensitive information inaccessible in the event of a data breach, but it might also prevent a ransomware strain from activating its encryption routine if an infection does succeed.

More from News

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government. The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of…

Recent developments and updates in Biden cyber policy

3 min read - The White House recently released its budget for the 2025 fiscal year, which supports the government’s commitment to cybersecurity. The cybersecurity funding allocations line up with the FY 2025 cybersecurity spending priorities released last year that included the following pillars: Defend critical infrastructure Disrupt and dismantle threat actors Shape market forces to drive security and resilience Invest in a resilient future Forge international partnerships to pursue shared goals. In 2023, the White House released a 35-page document detailing the new…

Change Healthcare cyberattack causes dire billing crisis

3 min read - Last month’s cyberattack on Change Healthcare, a sizable unit of UnitedHealth Group, brought new repercussions rarely seen in a cyberattack. As a result of the threat actor’s actions, healthcare systems and providers suffered cash flow issues, which resulted in providers being unable to pay their rent, owners dipping into their personal savings and patients being prevented from receiving important medications. Most importantly, patients are unable to get insurance approval for procedures, surgeries and prescriptions, which can affect their health outcomes.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today