Netskope Cloud and Threat Report January 2022 – The Findings
Netskope has recently released the sixth edition of its Cloud Threat Report. Using data raised from Netskope's Next Generation Secure Web Gateway (SWG) and API Cloud Access Security Broker (CASB), the report provides valuable threat & data protection information, and advice gathered from the vast amount of data collected throughout the past year.
Key Findings and Trends
The January 2022 report gives a year-over-year analysis of cloud attack activities, threats, and risks from 2021 as compared to 2020. There were five key areas highlighted within the report that are worth mentioning:
1. Google Drive became the top app for malware downloads
The percentage of malware downloads from cloud apps compared to websites continues to increase each year, with the total number of apps (with malware downloads) increasing almost three-fold. During this time, Google took the top spot from Microsoft OneDrive, emerging as the app with the most malware downloads. Cloud storage apps are attractive to attackers as they can create their own free accounts, upload malicious payloads, and then share them publicly or with specific victims.
2. Microsoft Office documents continued to be abused
Microsoft Office documents continued to represent one-third of all malware downloads. The increase started at the beginning of 2020 due to the large-scale emergence of the Emotet malware. Since then, other groups have tried to imitate Emotet’s success, abusing Office documents to deliver ransomware, Trojans, and other malware which has essentially compounded the issue. The trend is expected to continue throughout 2022.
3. Over 50% of managed cloud apps were targeted by credential attacks
While year-over-year, the quantity of credential attack attempts against cloud-managed apps has remained constant, the sources of these attacks has changed considerably. Only 2% of login attempts originated from IP addresses that launched attacks in 2020. The other 98% of attacks came from new IP addresses. Whilst the US claimed the top spot as the main source of attacker login attempts, the general pattern showed a shift from a few big players to a more decentralised attack.
4. Risk now coming employee attrition
Employee attrition doubled in 2021, and there was a deliberate movement of data into personal instances coming from users about to leave their jobs. One out of every seven employees have deliberately exfiltrated data when they were about to leave the organisation. SharePoint and OneDrive continued to be the top managed apps for downloads, accounting for 75%. Meanwhile, Google Drive and OneDrive continued to be the top personal apps for uploads for these employees, accounting for 83%.
5. Cloud storage app adoption continued to rise, inviting abuse from attackers
Cloud Storage apps have remained incredibly popular, with over three-quarters of people in the report using at least one in 2021, up 8% from 2020. While the total number of Cloud Storage apps increased, attackers frequently targeted the most popular apps including Microsoft OneDrive, Google Drive, Amazon S3 and Box, to deliver malware. But why? Well, attackers want to increase the chance of their malware reaching their victims so they will continue to abuse these popular cloud apps to deliver their payload.
Recommendations for Your Business
To counteract the top trends in 2021, an increase in cloud-delivered malware, credential attacks against managed cloud apps, and data exfiltration by insiders, Netskope recommends the following controls:
- Multi-Factor Authentication (MFA) and Single Sign On (SSO) should be used across all apps.
- Multi-layered, inline threat protection should be used for all cloud and web traffic.
- Data protection policy controls should be tightened. This includes (but is not limited to) data movement into and out of apps, amongst organisation and personal devices, shadow IT, users, websites, and locations.
- Cloud data protection should be implemented for sensitive data. Best practices for securing sensitive data in the cloud include an inventory of cloud usage, leveraging cloud-native architecture, and comprehensive incident management.
- Behavioural analysis should be considered to detect internal threats, data exfiltration and compromised devices and credentials.
At InfoTrust we always recommend and callout with our customers the importance of understanding how exposed their business is to a cyber attack. Also, it is imperative that you have clear visibility of what the potential organisational surface area of attack is, in order to protect it and apply measures like mentioned in this report.
Hope you find this report an interesting read and to find out more about cloud-enabled threats, the latest findings from Netskope, and how you can protect your business, download the 2022 Cloud and Threat Report today.
see our
Related resources
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Cyber attacks and data breaches have been commonplace in the news headlines for some time now. Although a warning from the media is certainly helpful, there is so much more that can be done when it comes to threat intelligence sharing. Threat intelligence sharing is an important part of the global cybersecurity community effort to tackle cybercrime and should form a part of every organisation’s cybersecurity strategy. Sharing cyber threat intelligence enables organisations to make informed decisions about their cybersecurity, building more effective and robust cyber defences.
One of my favourite annual reports to read is the Verizon Data Breach Investigations Report. It’s packed full of insights about the threat landscape and security leaders, in my opinion, should read this report to get a pulse on what’s happening in cyber-scape.
After all, as cyber leaders, we are here to stop breaches – so the insights gained from real cyber incidents and breaches is gold in learning how to tighten up our defences.
All businesses, large and small, are under increasing pressure to demonstrate that they are managing the risk of cyberattacks. This means having the right processes and controls in place to identify risks and vulnerabilities, protect information, as well as detect, respond, and recover in the event of cybersecurity incidents. As such, many businesses are turning to certification authorities and security frameworks to demonstrate privacy and security best practice and achieve compliance with regulatory bodies. System and Organisation Controls (SOC 2) is one such compliance framework that can help organisations to create a structured approach to cybersecurity.
Frost & Sullivan has recently released its 2021 Frost Radar: Email Security report, where its findings provide a benchmarking framework to help businesses protect their email from cyber threats.
As we operate in an increasingly digital world, every business collect, store, and share more and more data. And, amongst that data is personal information. With the OAIC marking this year’s Privacy Awareness Week (PAW) from Monday 3 May to Sunday 9 May 2021, it’s time for us all to review how we protect our customers’ personal information.
We're Here To Help