Netskope Threat Labs Identify Increasing Cloud Security Risks From Malware Delivery, Third Party Plugins And Exposed Cloud Workloads
SANTA CLARA, Calif. – July 20, 2021 – Netskope, the SASE leader, today published new research reporting on the latest cyber security threats impacting organisations. The findings are reported in the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analysing critical trends in enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers.
Among the headline figures is a clear and sustained growth of malware delivered via cloud applications, which now accounts for 68% of all malware delivered to organisations. This growth is happening against a backdrop of continued cloud app proliferation within the enterprise, with adoption increasing 22% during the first 6 months of 2021, and the average company with 500-2,000 employees now using 805 distinct apps and cloud services. 97% of those apps are ‘shadow IT’ - unsanctioned, unsupported and widely unsecured by corporate IT teams.
Unsanctioned cloud app use is not the only potential threat identified in the report, which also indicates a requirement for increased management of sanctioned cloud applications and IaaS. Currently more than a third (35%) of all workloads within AWS, Azure and Google Cloud Platform are ‘unrestricted’, open to public viewing by anyone on the internet.
The report authors also identified an emerging attack opportunity in the widespread use (97%) of corporate Google credentials as a convenient shortcut to log into third-party apps. When a user logs in with Google as a shortcut, the third-party app requests a scope of permissions, which can vary from “view basic account info” to “view and manage the files in your Google Drive”. Third-party apps that request to view and manage Google Drive files pose a significant threat of corporate data exposure.
“Threat actors make it their business to be one step ahead, which is why we work hard to identify potential entry and attack surfaces before they are commonly used, and then ensure organisations can lock down securely before a corporate data loss event,” said Ray Canzanese, Threat Research Director at Netskope. “The trends revealed in the research show that enterprises must rethink security based on the reality of cloud application use. They should favour a security architecture that provides context for apps, cloud services, and web user activity, and that applies zero trust controls to protect data wherever and however it’s accessed.”
Key Findings In Summary
Based on anonymised data collected from the Netskope Security Cloud platform across millions of users from January 1, 2021 through June 30, 2021, key findings of the report include:
97% of cloud apps used in the enterprise are shadow IT, unmanaged and often freely adopted.
Third-party app plugins pose serious data risks. 97% of Google Workspace users have authorized at least one third-party app access to their corporate Google account, potentially exposing data to third parties due to scopes like “View and manage the files in your Google Drive.”
Uptick in cloud environments that are exposed to the public creates opportunities for attackers. More than 35% of all workloads are exposed to the public Internet within AWS, Azure, and GCP, with RDP servers - a popular infiltration vector for attackers - exposed in 8.3% of workloads.
Cloud-delivered malware is growing and has reached an all-time high. Cloud-delivered malware has increased to an all-time high of 68%, with cloud storage apps accounting for nearly 67% of cloud malware delivery, and malicious Office docs now accounting for 43% of all malware downloads.
Employees attempt to exfiltrate significant amounts of work data before they depart their jobs. Departing employees upload three times more data to personal apps in the last 30 days of employment, and 15% of that data either originates from a corporate app instance or directly violates a corporate data policy. Google Drive and Microsoft OneDrive personal instances are the most popular targets.
The Netskope Cloud and Threat Report is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyze the latest cloud threats affecting enterprises.
Get the full report here: https://www.netskope.com/blog/july-2021-netskope-cloud-and-threat-report
Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, the Netskope Security Cloud provides the most granular context, via patented technology, to enable conditional access and user awareness while enforcing zero trust principles across data protection and threat prevention everywhere. Unlike others who force tradeoffs between security and networking, Netskope’s global security private cloud provides full compute capabilities at the edge.
Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.