Netskope Cloud And Threat Spotlight Highlights Where Companies Need To Focus Their Efforts On

Netskope has today released the Netskope Cloud and Threat Spotlight: January 2022, which has revealed new research highlighting the continued growth of malware and other malicious payloads by cloud apps. The analysis identified key findings including:

  • Cloud-delivered malware in now more prevalent than web-delivered malware. In 2021, malware downloads originating from cloud apps increased to 66% of all malware downloads. 
  • Google Drive emerges as the top app for most malware downloads. 
  • Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. 
  • More than half of managed cloud app instances are targeted by credential attacks.

In response to these findings, Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“This informative report highlights the need for cloud-native solutions that seamlessly monitor for, detect and accelerate response against known and unknown or emerging malware that targets cloud infrastructure regardless of vendor. Based on the report, the most effective solution for combating these emerging threats requires a combination of behavioral-based security analytics combined with an understanding of identity, access and entitlements to prevent credential-based attacks. Using this approach offers a much-needed layer of data-loss prevention (DLP) already incorporated into specific next generation SIEMs and can alert security teams both earlier in the kill chain and with an unprecedented level of context and automation to prevent loss.”

As more and more businesses rely on the cloud, the need to better defend against attacks becomes more and more important. Thus it’s time to circle those wagons to defend against the attacks that we all know are inbound.

UPDATE: I got additional commentary from Stephanie Simpson who is the VP Product Management of SCYTHE

Companies are using more cloud-resources everyday. For example, threat actors have been leveraging opera source tools to exfiltrate cloud storage. To protect themselves, companies need to stay up-to-date on threat intelligence and use it effectively to continuously validate their controls, including people, processes, and technologies.”

And I got commentary from Chris Olson, CEO at The Media Trust:

The rise of cloud-originating cyberattacks in 2021 is not surprising. Today the average organization deploys nearly 6,000 third-party SaaS applications; as this number increases, so does the attack surface for cyber actors. This is particularly true when vulnerabilities in common software components come to light. 

At the beginning of 2022, the Log4j vulnerability has not only impacted millions of devices, but also dozens of leading cloud providers. Like the SolarWinds attack one year ago, it serves as a sobering reminder that organizations are dependent on third parties who may fall prey to malicious cyberactivity at any moment.

For this reason, the dichotomy between Web and Cloud-delivered malware is somewhat deceptive. While these may appear like two different and mutually exclusive channels for cyberactivity, they converge on the same underlying problem: organizations are not monitoring or defending against third-party threats, whether they originate through the Cloud, the software supply chain, or digital vendors.

UPDATE #2: Here’s some more commentary from Kevin Novak, Managing Director of Cyber Security Consulting, Breakwater Solutions:

“After all, this shift towards cloud-centric sources of malware vs. non-cloud-centric sources is just an indicator that we’ve made dramatic shifts in how and where we compute.  We will continue to move away from on-premise towards externally hosted environments; driven un-naturally with pandemic tailwinds urging us forward.”

 “In the end, it’s all a matter of adapting our security programs to these new computing paradigms…as we’ve done so many times before: thinking back to our shift away from mainframes to client-server, and then mobile computing, and now the cloud.   Many organizations have learned that this is a never-ending progression and they’ve adapted their programs to account for computing evolution; others still ebb and flow with the tides.”

And then there’s commentary from Yan Michalevsky, CTO and Cofounder, Anjuna Security:

“Confidential Computing can help protect against corporate data exfiltration. Secure Enclaves can limit, or prevent access to sensitive data by unauthorized employees, while at the same time enabling normal operation of business logic.”

Leave a Reply

%d bloggers like this: