Cloud security threats are growing faster than ever

A cloud icon on a desk in front of a laptop.
(Image credit: iStock)

Cloud-based security threats are growing at a faster rate than ever, as threat actors find new and innovative ways to push malware through the novel technology. 

Netskope's latest Cloud & Threat Report: Global Cloud and Web Malware Trends paper found more than half (55%) of all HTTP and HTTPS malware downloads came from cloud apps, up from 35% for the same period a year before. 

That makes it more than a 50% jump year-on-year.

Protecting your business from the biggest threats online

<a href="https://www.perimeter81.com/lp/malware-protection-techradar?a_aid=2380&utm_term=secure_internet_access&utm_source=techradar&utm_medium=affiliate&utm_campaign=deal_block" data-link-merchant="perimeter81.com"" target="_blank">Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Malicious apps multiplying

The rise is due to an increase in people downloading malware from popular enterprise cloud applications, Netskope further claims. Microsoft’s OneDrive is seen as the most popular enterprise app “by a wide margin”. Furthermore, the number of applications with malware downloads also continued rising, with Netskope identifying 261 different malicious apps in Q1 this year. 

To make matters worse, malware delivered over what’s considered “risky web categories” makes up but a tiny portion of total web malware downloads, with the majority of the downloads being spread out over different sites. Content delivery networks (CDNs) are actually used the most, with a market share of 7.7%.

In general, five in 1,000 enterprise users tried to download malware in Q1 2023, with new variants taking up almost three-quarters (72%) of those downloads. What’s more, almost 10% of all downloads started with a search engine query, as threat actors weaponize data voids and SEO poisoning for queries that have very few results. “This represents just one of many social engineering techniques that attackers are accelerating,” the researchers say.

Finally, social engineering reigns supreme as the key malware delivery technique with email, collaboration apps, and chat apps, are being leveraged to trick people into downloading malware. Trojans are the most popular malware type with 60% of all downloads. Phishing downloads took up 13%.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.