The number of cloud applications used to deliver malware almost tripled in 2022 as users face an increasingly dangerous cyber threat landscape.
More than 400 “distinct” cloud apps were used to target users with malware across the year, according to research from Netskope, with OneDrive highlighted as the most commonly abused app by threat actors.
This increase reflects a growing trend in cloud security threats, the firm warned.
Across 2022 there was a “drastic increase” in the number of users uploading content to the cloud, Netskope said, which presented attackers with a growing pool of prospective targets.
“Cloud apps are widely used by businesses, a fact not lost on attackers, which view these apps as an ideal home for hosting malware and causing harm,” the company said.
OneDrive accounted for over 25% of global user uploads while Google Gmail and Microsoft SharePoint saw a 7% and 5% in increase in usage respectively.
As a result, Netskope said it observed a “sizeable” increase in cloud malware downloads over the course of the year, which came in stark contrast to the two years prior.
OneDrive accounted for 30% of all cloud-based malware delivery, the study found, while Weebly and GitHub were also key platforms exploited by threat actors to deliver malicious files.
OneDrive's popularity as a commonly used platform to deliver malware marks a change compared to previous research from Netskope. In 2021, Google Drive was identified as the go-to cloud app to deliver malicious software.
“Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls,” said Ray Canzanese, research director at Netskope.
“That is why it is imperative that more organisations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content.”
Cloud-delivered malware is surging
A concerning observation from the Cloud Threat Report also highlighted the growing popularity of cloud-delivered malware compared to web-based attacks.
Across 2022, cloud applications accounted for 48% of malware delivery, marking a 10% increase on the year previous – and this is expected to continue.
The growing reliance on cloud applications and infrastructure across a host of industries has accelerated this trend, the study found, and was fuelled by the rapid shift to remote and hybrid operations in the wake of the pandemic.
“Cloud-delivered malware is now responsible for a much higher percentage of all malware delivery than ever before, especially in certain geographic regions and industries,” the firm said.
The global telecoms industry saw a rapid increase in the volume of malware attacks last year, with 81% of attacks cloud-based compared to 59% in the year previous.
The manufacturing, retail and healthcare industries also witnessed a surge in cloud-delivered malware attacks.
