Web security has improved in leaps and bounds over recent years, but as is always the case the interests on the other side of the fence have made their own advancements. Many people have been inclined to ask around what exactly is in it for the people who create malware and put it out there for infecting a person’s computing device, but as has been determined – and not surprisingly – it’s all about money like anything else. There’s a very complex network of interests there, and the long and short of it is that people benefit from having your computer, notebook, or mobile compromised very underhandedly.
And so it is that much of what makes the Cloud the godsend it has been for digital professionals is also what makes it the #1 risk factor for being infected with malware. In many ways it is a classic example of having no choice but to take the bad with the good, and it appears the competition between malware makers and cyber security experts is going to continue full tilt for the foreseeable future.
Here at 4GoodHosting we’re equally big fans of the Cloud in the same way it is for any good Canadian web hosting provider who has a seat that’s conducive to seeing digital advances in the clearest of lights. Further, you can’t stop progress and there’s no debate we’ll be looking to get more out of cloud computing so that extensive physical storage isn’t allowed to be as harmful as it would otherwise. So yes, we are all very much taking the good with the bad these days and many people will have already had one or more unpleasant experiences with malware.
Let’s look at this finding that most malware downloads are delivered via the cloud, why that might be, and what are the potential ramifications of it all for the average business or organization.
2/3 of All for 2021
A recent Netskope report based on the 2021 year found that no less than two-thirds of malware downloads were based in cloud apps. This puts a spotlight on the continued growth of malware and other malicious payloads that make their way to unsuspecting users through cloud applications. As you’d expect this was up markedly from the same percentage for 2020, and what it does make clear is reflect that attackers are having more success with seeing their victims infected with malware.
What it does is create the need for better Cloud security, and there’s one particular popular resource where it may bee needed more than anywhere elsewhere – Google Drive. Given the popularity of Google’s flagship Cloud Computing resource that isn’t going to be well-received news for people who are devotees when it comes to using it. But it is what it is, and of course the popularity of the app and the sheer number of people using it is a big part of why it’s #1 for malware infections.
It’s interesting to note that it usurped Microsoft OneDrive for the dubious title. OneDrive was the number one source for malware infections the year previous, although it’s hard to suggest that a major shift in user preferences was behind the bulk of that shift.
19 to 37% Jump
The increase in malicious Office documents was from 19% to 37% according to the report, and the size of the increase is large enough to suggest more in the way of far-reaching cloud application security risks. It also indicated further that more than 50% of all managed cloud app instances have been targeted by at least once credential attack over the course of the last year, independent of whether that attack was seen through or blocked. The number of attempts suggest there are more bad actors out there than ever before who are building malware and putting it in the position to be distributed via the Cloud.
The reality is now that Cloud-delivered malware is now more of an occurrence than web-delivered malware. For 2021 malware downloads originating from cloud apps were now making up 66% of all malware downloads in comparison to traditional websites. The exact number for that is up 46% from the beginning of 2020. This is in comparison to Microsoft Office documents moving up to account for 37% of all malware downloads by the end of 2021.
Some of the Microsoft Office malwares – including the well-known Emotet malspam campaign in 2020’s 2nd Quarter – triggered a rush of malicious Microsoft Office documents designed by copycat attackers who were riding the coattails of the Emotet campaign. Another interesting catch is that upwards of 50% of managed cloud app instances are targeted by credential attacks exclusively. And the reason for that? Credentials gained underhandedly are able to be sold and that gets back to what we stared with in asking why is it people do this.
Try Until Success
What these malware attackers and their bimbos do is try common passwords and leaked credentials from other services in order to obtain access to sensitive information that has been stored in cloud apps. Also interesting to note that some 98% of attacks coming from new IP addresses, indicating that’s very much a part of the M.O. in order to stay out of sight as best as possible.
We also know from this report and others that corporate data exfiltration is on the rise. Increasing numbers of employees take data with them when they leave an employer and this report also has instances in 2020 and 2021 where an average of 29% of departing employees downloaded more files from managed corporate app instances. Another 15% of users uploaded more files to personal app instances in their final 30 days of being employed.
This is noteworthy because it goes to show that effective cybersecurity can’t be 100% digital exclusively, and there needs to be quite a bit of better and more secure business practices as part of the protective equation too. Which is important, because as we’ve discussed all the goodness of Cloud computing and eliminating the need for physical storage isn’t going anywhere.