Even After Emotet Removal, Office Documents Now Provide 43% Of All Malware Downloads

Cloud-delivered malware rose 68% in the second quarter, according to data from cybersecurity firm Netskope.

The company released the fifth edition of its Cloud and Threat Report which covers the risks, threats and cloud data trends it observes throughout the quarter.

The report notes that cloud storage applications account for more than 66% of the spread of malware in the cloud.

“In Q2 2021, 43% of all malware downloads were malicious Office documents, up from just 20% at the start of 2020. This increase comes even after Emotet’s withdrawal, indicating that other groups have observed the success of the Emotet team and have adopted similar techniques,” the report states.

“Collaboration apps and developer tools make up the second largest percentage, as attackers abuse popular chat apps and code repositories to distribute malware. In total, Netskope detected and blocked malware downloads from 290 separate cloud applications during the first half of 2021.”

The researchers behind the report explained that cybercriminals distribute malware through cloud applications “to bypass blocklists and take advantage of any application-specific permission lists.” Cloud service providers typically remove most malware immediately, but some attackers have found ways to cause significant damage in a short period of time undetected in a system.

According to company researchers, about 35% of all workloads within AWS, Azure, and GCP are also exposed to the public Internet, with public IP addresses accessible from anywhere on the Internet.

RDP servers – which they say have become “a popular infiltration vector for attackers” – were exposed in 8.3% of workloads. An average enterprise with between 500 and 2,000 employees now deploys 805 separate cloud applications and services, 97% of which are “unmanaged and often freely adopted by business units and users.”

The rapid adoption of enterprise cloud applications continued in 2021, with data showing adoption up 22% for the first half of the year. But the report notes that “97% of cloud applications used in the enterprise are shadow IT, unmanaged and often freely adopted by business units and users.”

The report also raises questions about employee habits, both at work and at home. The report raises concerns about the almost universal trend of employees allowing at least one third-party app in Google Workspace.

The Netskope report shows that employees leaving an organization download three times as much data to their personal apps in the last 30 days of employment.

Downloads leave company data exposed as much of it is uploaded to personal Google Drive and Microsoft OneDrive, which are popular targets for cyber attackers. According to Netskope’s findings, 15% “download files that have been copied directly from instances of managed applications or that violate a corporate data policy.”

The researchers also add that remote working is still in full swing at the end of June 2021, with 70% of users surveyed still working remotely.

“At the start of the pandemic, when users started working from home, we saw an increase in the number of users visiting risky websites, including adult content, file sharing, and hacking websites,” adds the report.

“Over time, this risky web surfing faded as users likely got used to working from home, and IT teams were able to educate users on acceptable usage policies.”

The report touts the decline in risky browsing, but also highlights the “growing danger of malicious Office documents” and cloud configurations as particularly thorny issues.

Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, said the shift to a hybrid work environment last year meant cybersecurity had to evolve from a perimeter- and network-centric model to management focused on the cloud, identities and privileged access.

“Organizations must continue to adapt and prioritize managing and securing access to business applications and data, such as those similar to BYOD device types, which means more network segregation for untrusted devices, secured with strong privileged access security controls to enable productivity and access,” Carson said.

Sam D. Gomez