Netskope Cloud and Threat Report January 2022 – The Findings

Netskope has recently released the sixth edition of its Cloud Threat Report. Drawing on data collected over the past year by Netskope's Next Generation Secure Web Gateway (SWG) and API Cloud Access Security Broker (CASB), the report provides valuable threat and data protection information, along with advice.

Key Findings and Trends

The January 2022 report gives a year-over-year analysis of cloud attack activities, threats, and risks from 2021 as compared to 2020. There were five key areas highlighted within the report that are worth mentioning:

1. Google Drive became the top app for malware downloads
The percentage of malware downloads from cloud apps compared to websites continues to increase each year, with the total number of apps (with malware downloads) increasing almost three-fold. During this time, Google Drive took the top spot from Microsoft OneDrive, emerging as the app with the most malware downloads. Cloud storage apps are attractive to attackers as they can create their own free accounts, upload malicious payloads, and then share them publicly or with specific victims.

2. Microsoft Office documents continued to be abused
Microsoft Office documents continued to represent one-third of all malware downloads. The increase started at the beginning of 2020 due to the large-scale emergence of the Emotet malware. Since then, other groups have tried to imitate Emotet’s success, abusing Office documents to deliver ransomware, Trojans, and other malware, which has essentially compounded the issue. The trend is expected to continue throughout 2022.

3. Over 50% of managed cloud apps were targeted by credential attacks
While the quantity of credential attack attempts against managed cloud apps has remained constant year-over-year, the sources of these attacks have changed considerably. Only 2% of login attempts originated from IP addresses that launched attacks in 2020. The other 98% of attacks came from new IP addresses. Whilst the US claimed the top spot as the main source of attacker login attempts, the general pattern showed a shift from a few big players to a more decentralised attack.

4. Risk now coming from employee attrition
Employee attrition doubled in 2021, and there was a deliberate movement of data into personal instances by users who were about to leave their jobs. One out of every seven employees deliberately exfiltrated data when they were about to leave the organisation. SharePoint and OneDrive continued to be the top managed apps for downloads, accounting for 75%. Meanwhile, Google Drive and OneDrive continued to be the top personal apps for uploads for these employees, accounting for 83%.

5. Cloud storage app adoption continued to rise, inviting abuse from attackers
Cloud storage apps have remained incredibly popular, with over three-quarters of people in the report using at least one in 2021, up 8% from 2020. While the total number of cloud storage apps increased, attackers frequently targeted the most popular apps, including Microsoft OneDrive, Google Drive, Amazon S3 and Box, to deliver malware. But why? Well, attackers want to increase the chance of their malware reaching their victims, so they will continue to abuse these popular cloud apps to deliver their payload.

Recommendations for Your Business

To counteract the top trends in 2021 (an increase in cloud-delivered malware, credential attacks against managed cloud apps, and data exfiltration by insiders), Netskope recommends the following controls:

  • Multi-Factor Authentication (MFA) and Single Sign On (SSO) should be used across all apps.
  • Multi-layered, inline threat protection should be used for all cloud and web traffic.
  • Data protection policy controls should be tightened. This includes (but is not limited to) data movement into and out of apps, and between organisational and personal devices, shadow IT, users, websites, and locations.
  • Cloud data protection should be implemented for sensitive data. Best practices for securing sensitive data in the cloud include an inventory of cloud usage, leveraging cloud-native architecture, and comprehensive incident management.
  • Behavioural analysis should be considered to detect internal threats, data exfiltration and compromised devices and credentials.

At InfoTrust, we always call out to our customers the importance of understanding how exposed their business is to a cyber attack. It is also imperative that you have clear visibility of your organisation's potential attack surface, in order to protect it and apply measures like those mentioned in this report.

We hope you find this report an interesting read. To find out more about cloud-enabled threats, the latest findings from Netskope, and how you can protect your business, download the 2022 Cloud and Threat Report today.
