Google Drive had the most malware downloads from cloud storage sites in 2021

Google took the top spot for malicious Microsoft OneDrive downloads, as attackers created free accounts, downloaded malware and shared documents with unsuspecting users, Netskope explains.

Illustration: Andy Wolber / TechRepublic

The more cybercriminals can take advantage of a legitimate service, the better their chances of getting people to fall for their scams. This is why popular services like Google and Microsoft are exploited in malicious attacks. In fact, Google Drive ended in 2021 as the most widely used cloud storage service for malware downloads, according to security provider Netskope.

SEE: Social Engineering: Checklist for Professionals (Free PDF) (TechRepublic)

In its “January 2022 Cloud and Threat Report” released on Tuesday, Netskope noted that cloud storage applications were adopted even more in 2021. For the year, 79% of customers analyzed used at least cloud storage application, up from 71% in 2020 The number of cloud storage applications in use has also increased. Companies with 500 to 2,000 employees used 39 different cloud storage applications last year, up from 35 the year before.

This increased use of cloud apps naturally excited cybercriminals, who abused these apps to deploy malware. For 2021, cloud storage applications accounted for 69% of cloud-based malware downloads, down slightly from 72% in 2020. These services are out-of-the-box operating targets because attackers can easily create free accounts, download their infectious payloads, and then share them. malicious documents with potential victims.

For the year, Google Drive took Microsoft OneDrive’s # 1 spot as the cloud storage app with the highest number of malicious downloads, accounting for 37% of them. OneDrive fell to second place with 20% of registered malware downloads. The top five are completed by SharePoint with 9%, Amazon S3 with 6% and GitHub with 3%.

Last year’s results contrast with those of 2020, where OneDrive was the most exploited cloud storage app for malicious downloads with 29%, followed by Box with 17%, Amazon S3 with 15%, SharePoint with 13. % and Google Drive with only 9%. .

Beyond evidence of Google’s growing popularity, there are other reasons Google Drive topped other services in malware downloads last year, according to Netskope. In 2020, the Emotet botnet used Box to deliver most of the malicious Office document payloads. But with Emotet suppressed by global law enforcement in early 2021, that activity was dormant for most of the year. To pick up the slack, attackers trying to replicate Emotet’s success turned to Google Drive to share malicious Office documents.

With cloud-based storage applications being such a tempting target of exploitation, how can individuals and organizations protect themselves against malicious documents? Netskope offers the following tips:

  1. Use single sign-on (SSO) and multi-factor authentication (MFA) for managed and unmanaged applications. Implement adaptive policy controls for strong authentication based on user, device, app, data, and activity.
  2. Implement layered online threat protection for all cloud and web traffic to prevent malware from reaching your endpoints and preventing outbound malware communications.
  3. Configure granular policy controls to protect your data. These controls should track and manage data transferred to and from apps, as well as between your organization and personal instances, including IT, users, websites, devices, and locations.
  4. Use data protection in the cloud to secure sensitive data against internal and external threats across the web, email, SaaS, shadow IT, and public cloud services. Adopt security posture management for Software as a Service (SaaS) and Identity as a Service (IaaS) models.
  5. Configure behavioral analysis to find insider threats, data exfiltration, compromised devices, and compromised credentials.

The growing popularity of cloud applications has given rise to three types of abuse described in this report: attackers trying to access victims’ cloud applications, attackers abusing cloud applications to distribute malware, and insiders using applications cloud for data exfiltration, “Netskope Threat Labs’ threat research director Ray Canzanese said in a press release. The report recalls that the same apps you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration. “

Also look