Netskope released the fifth edition of its Cloud and Threat Report, covering cloud data risks, threats, and trends it saw throughout the quarter. The report finds that cloud storage apps are responsible for more than 66% of cloud malware delivery.
The report said that in this year’s Q2, 43% of all malware downloads came from malicious Office docs compared to just 20% at the start of last year.
The increase comes even after Emotet was taken down, indicating that other groups copied the success of the Emotet crew and adopted similar operation methods.
Netskope reported that collaboration apps and development tools account for the next largest percentage, as attackers exploit widely-used chat apps and code repos to deliver malware.
The company detected and blocked malware downloads from 290 different cloud apps in the first half of this year.
The researchers behind the report explained that the criminals deliver malware through cloud apps to evade detection by blocklists and take advantage of any apps on allow lists. Cloud service providers generally remove the malware almost instantly. However, some attackers have found ways to inflict damage in the short time they are in a system undetected.
The company’s researchers say that 35% of all workloads are also exposed to the public internet within Azure, AWS, and Google Cloud, with public IP addresses reachable from the open internet.
RDP servers, which the researchers say have become a popular infiltration route for attackers, were exposed in 8.3% of workloads.
With the average company employing anywhere between 500 and 2000 employees, about 805 distinct apps and cloud services are deployed, with 97% of them being unmanaged and adopted freely by users and business units.
The surface area open to attack is expansive. Read the report here.