Google Drive accounted for the most malware downloads in 2021

NetSkope research malware downloaded via cloud apps is now more prevalent than web-delivered malware

Google Drive accounted for the most malware downloads in 2021, taking the top spot from Microsoft OneDrive.

The cloud storage service accounted for 37% of all malicious downloads last year, according to the January edition of Netskope's Cloud and Threat report. 

Google Drive took the number one from Microsoft OneDrive, which fell to second place with 20% of recorded malware downloads. Rounding out the top five were SharePoint with 9%, Amazon S3 with 6% and GitHub with 3%.

IT Pro contacted Google, Microsoft and Amazon for comment but had not received a response at the time of publication. 

Netskope, a US-based cyber security provider, noted that cloud storage apps gained even greater adoption in 2021, with 79% of customers analysed using at least one cloud storage app, which is up from 71% in 2020. The number of cloud storage apps in use also rose, with organisations with 500 to 2,000 employees using 39 different cloud storage apps last year.

What's more, cloud-delivered malware is now more prevalent than variants are downloaded via the web. In 2021, cloud app malware accounted for 66% of all malware downloads, up from 46% at the start of 2020. 

Aside from its increasing popularity, there are other reasons why Drive surpassed other services when it came to malware downloads, according to Netskope. For example, the Emotet botnet that used Box to deliver malicious Office document payloads was taken down early in 2021 but ended up inspiring hackers to use Google Drive to share malicious Office documents.

"The increasing popularity of cloud apps has given rise to three types of abuse described in this report: attackers trying to gain access to victim cloud apps, attackers abusing cloud apps to deliver malware, and insiders using cloud apps for data exfiltration," Netskope Threat Labs threat research director Ray Canzanese said. 

"The report serves as a reminder that the same apps that you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help to prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration."

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

How the right software can improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022