Netskope Cloud and Threat Report January 2022 – The Findings
Netskope has recently released the sixth edition of its Cloud Threat Report. Using data drawn from Netskope's Next Generation Secure Web Gateway (SWG) and API Cloud Access Security Broker (CASB), the report provides valuable threat and data protection information, along with advice based on the vast amount of data collected throughout the past year.
Key Findings and Trends
The January 2022 report gives a year-over-year analysis of cloud attack activities, threats, and risks from 2021 as compared to 2020. There were five key areas highlighted within the report that are worth mentioning:
1. Google Drive became the top app for malware downloads
The percentage of malware downloads from cloud apps compared to websites continues to increase each year, with the total number of apps (with malware downloads) increasing almost three-fold. During this time, Google took the top spot from Microsoft OneDrive, emerging as the app with the most malware downloads. Cloud storage apps are attractive to attackers as they can create their own free accounts, upload malicious payloads, and then share them publicly or with specific victims.
2. Microsoft Office documents continued to be abused
Microsoft Office documents continued to represent one-third of all malware downloads. The increase started at the beginning of 2020 due to the large-scale emergence of the Emotet malware. Since then, other groups have tried to imitate Emotet’s success, abusing Office documents to deliver ransomware, Trojans, and other malware, which has compounded the issue. The trend is expected to continue throughout 2022.
3. Over 50% of managed cloud apps were targeted by credential attacks
While the quantity of credential attack attempts against managed cloud apps has remained constant year-over-year, the sources of these attacks have changed considerably. Only 2% of login attempts originated from IP addresses that launched attacks in 2020. The other 98% of attacks came from new IP addresses. Whilst the US claimed the top spot as the main source of attacker login attempts, the general pattern showed a shift from a few big players to a more decentralised attack.
4. Risk now coming from employee attrition
Employee attrition doubled in 2021, and there was a deliberate movement of data into personal instances coming from users about to leave their jobs. One out of every seven employees has deliberately exfiltrated data when they were about to leave the organisation. SharePoint and OneDrive continued to be the top managed apps for downloads, accounting for 75%. Meanwhile, Google Drive and OneDrive continued to be the top personal apps for uploads for these employees, accounting for 83%.
5. Cloud storage app adoption continued to rise, inviting abuse from attackers
Cloud storage apps have remained incredibly popular, with over three-quarters of people in the report using at least one in 2021, up 8% from 2020. While the total number of cloud storage apps increased, attackers frequently targeted the most popular apps, including Microsoft OneDrive, Google Drive, Amazon S3 and Box, to deliver malware. But why? Well, attackers want to increase the chance of their malware reaching their victims, so they will continue to abuse these popular cloud apps to deliver their payload.
Recommendations for Your Business
To counteract the top trends in 2021 (an increase in cloud-delivered malware, credential attacks against managed cloud apps, and data exfiltration by insiders), Netskope recommends the following controls:
- Multi-Factor Authentication (MFA) and Single Sign On (SSO) should be used across all apps.
- Multi-layered, inline threat protection should be used for all cloud and web traffic.
- Data protection policy controls should be tightened. This includes (but is not limited to) data movement into and out of apps, amongst organisation and personal devices, shadow IT, users, websites, and locations.
- Cloud data protection should be implemented for sensitive data. Best practices for securing sensitive data in the cloud include an inventory of cloud usage, leveraging cloud-native architecture, and comprehensive incident management.
- Behavioural analysis should be considered to detect internal threats, data exfiltration and compromised devices and credentials.
At InfoTrust, we always call out to our customers the importance of understanding how exposed their business is to a cyber attack. It is also imperative that you have clear visibility of your organisation's potential attack surface, in order to protect it and apply measures like those mentioned in this report.
We hope you find this report an interesting read. To find out more about cloud-enabled threats, the latest findings from Netskope, and how you can protect your business, download the 2022 Cloud and Threat Report today.