Cloud-delivered malware attacks almost tripled in 2022

Mockup image with padlocks to symbolise a cyber security vulnerability
(Image credit: Shutterstock)

The number of cloud applications used to deliver malware almost tripled in 2022 as users face an increasingly dangerous cyber threat landscape.

More than 400 “distinct” cloud apps were used to target users with malware across the year, according to research from Netskope, with OneDrive highlighted as the most commonly abused app by threat actors.

This increase reflects a growing trend in cloud security threats, the firm warned.

Across 2022 there was a “drastic increase” in the number of users uploading content to the cloud, Netskope said, which presented attackers with a growing pool of prospective targets.

“Cloud apps are widely used by businesses, a fact not lost on attackers, which view these apps as an ideal home for hosting malware and causing harm,” the company said.

OneDrive accounted for over 25% of global user uploads while Google Gmail and Microsoft SharePoint saw a 7% and 5% in increase in usage respectively.

As a result, Netskope said it observed a “sizeable” increase in cloud malware downloads over the course of the year, which came in stark contrast to the two years prior.

OneDrive accounted for 30% of all cloud-based malware delivery, the study found, while Weebly and GitHub were also key platforms exploited by threat actors to deliver malicious files.

OneDrive's popularity as a commonly used platform to deliver malware marks a change compared to previous research from Netskope. In 2021, Google Drive was identified as the go-to cloud app to deliver malicious software.

“Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls,” said Ray Canzanese, research director at Netskope.

“That is why it is imperative that more organisations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content.”

Cloud-delivered malware is surging

A concerning observation from the Cloud Threat Report also highlighted the growing popularity of cloud-delivered malware compared to web-based attacks.

Across 2022, cloud applications accounted for 48% of malware delivery, marking a 10% increase on the year previous – and this is expected to continue.


IDC MarketScape: Worldwide unified endpoint management services

2022 vendor assessment


The growing reliance on cloud applications and infrastructure across a host of industries has accelerated this trend, the study found, and was fuelled by the rapid shift to remote and hybrid operations in the wake of the pandemic.

“Cloud-delivered malware is now responsible for a much higher percentage of all malware delivery than ever before, especially in certain geographic regions and industries,” the firm said.

The global telecoms industry saw a rapid increase in the volume of malware attacks last year, with 81% of attacks cloud-based compared to 59% in the year previous.

The manufacturing, retail and healthcare industries also witnessed a surge in cloud-delivered malware attacks.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.