HomesecurityMalware delivery via cloud: 68% increase in Q2

Malware delivery via cloud: 68% increase in Q2

The percentage of malware delivered via the cloud increased by 68% in the second quarter, according to data from the cybersecurity company Netskope.

Cloud malware

See also: CISA: Warns about malware on hacked Pulse Secure devices


The company has released the fifth edition of the Cloud and Threat Report that covers the risks, threats and trends of cloud data they see throughout the quarter.

The report noted that cloud storage applications account for more than 66% of cloud malware deliveries.


The researchers behind the report explained that cybercriminals deliver malware via cloud applications "to bypass exclusion lists and take advantage of any lists of permissions for specific applications ”. Cloud service providers remove most malware immediately, but some intruders have found ways to do significant damage in the short time they have not been detected.

See also: XLoader malware: Steals logins from Windows and macOS systems

About 35% of all workload is also exposed to the public Internet within AWS, Azure and GCP, according to the company's researchers, with public IP addresses accessible from anywhere on the Internet.

RDP servers - which they say have become "a popular intruder" - accounted for 8,3% of all workloads. The average company (between 500 and 2.000 employees) now develops 805 different applications and cloud services, with 97% of them being "unmanaged and often freely adopted by businesses and users".

The rapid adoption of cloud applications for businesses continued until 2021, with data showing that adoption increased by 22% in the first half of the year. However, the report notes that "97% of the cloud applications used in the business are shadow IT, unmanaged and often freely adopted by businesses and users."

There are also issues raised in reporting on employee habits, both at work and at home. The report raises concerns about the near-universal tendency of officials authorizing at least one third-party application in Google workspace.

The Netskope report states that employees who leave an organization upload three times more data to their personal applications in the last 30 working days.

See also: MosaicLoader malware: It is presented as cracked software and infects victims

Uploads leave company data exposed because much of it is uploaded to personal Google Drive and Microsoft OneDrive, which are popular targets for cyber-attackers. According to Netskope's findings, 15% "either upload files copied directly from managed app instances or violate corporate data policy."

The researchers also add that remote work is still in full swing as of the end of June 2021, with 70% of users surveyed working remotely.

Source of information:

Teo Ehc
Teo Ehc
Be the limited edition.