Cloud-enabled threats are on the rise, sensitive data is moving between cloud apps
44% of malicious threats are cloud enabled, meaning that cybercriminals see the cloud as an effective method for subverting detection, according to Netskope.
“We are seeing increasingly complex threat techniques being used across cloud applications, spanning from cloud phishing and malware delivery, to cloud command and control and ultimately cloud data exfiltration,” said Ray Canzanese, Threat Research Director at Netskope.
“Our research shows the sophistication and scale of the cloud enabled kill chain increasing, requiring security defenses that understand thousands of cloud apps to keep pace with attackers and block cloud threats. For these reasons, any enterprise using the cloud needs to modernize and extend their security architectures.”
Enterprises using a variety of apps
89% of enterprise users are in the cloud, actively using at least one cloud app every day. Cloud storage, collaboration, and webmail apps are among the most popular in use.
Enterprises also use a variety of apps in those categories – 142 on average – indicating that while enterprises may officially sanction a handful of apps, users tend to gravitate toward a much wider set in their day-to-day activities. Overall, the average enterprise uses over 2,400 distinct cloud services and apps.
Top 5 cloud app categories
- Cloud storage
- Collaboration
- Webmail
- Consumer
- Social media
Top 10 most popular cloud apps
- Google Drive
- YouTube
- Microsoft Office 365 for Business
- Google Gmail
- Microsoft Office 365 SharePoint
- Microsoft Office 365 Outlook.com
- Amazon S3
Threats are mostly cloud based
44% of threats are cloud-based. Attackers are moving to the cloud to blend in, increase success rates and evade detections.
Attackers launch attacks through cloud services and apps using familiar techniques including scams, phishing, malware delivery, command and control, formjacking, chatbots, and data exfiltration. Of these, the two most popular cloud threat techniques are phishing and malware delivery. The top threat techniques in the cloud are phishing and malware delivery.
Top 5 targeted cloud apps
- Microsoft Office 365 for Business
- Box
- Google Drive
- Microsoft Azure
- Github
Data policy violations come from cloud storage
Over 50% of data policy violations come from cloud storage, collaboration, and webmail apps, and the types of data being detected are primarily DLP rules and policies related to privacy, healthcare, and finance.
This shows that users are moving sensitive data across multiple dimensions among a wide variety of cloud services and apps, including personal instances and unmanaged apps in violation of organizational policies.
The risk of lateral data movement
20% of users move data laterally between cloud apps, such as copying a document from OneDrive to Google Drive or sharing it via Slack. More importantly, the data crosses many boundaries: moving between cloud app suites, between managed and unmanaged apps, between app categories, and between app risk levels.
Moreover, 37% of the data that users move across cloud apps is sensitive. In total, lateral data movement has been tracked among 2,481 different cloud services and apps, indicating the scale and the variety of cloud use across which sensitive information is being dispersed.
Protecting remote workers
One-third of enterprise users work remotely on any given day, across more than eight locations on average, accessing both public and private apps in the cloud. This trend has contributed to the inversion of the traditional network, with users, data, and apps now on the outside.
It also shows increasing demand on legacy VPNs and questions the availability of defenses to protect remote workers.