Google Drive accounted for the highest number of malware downloads from cloud storage sites in 2021

Google took the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, Netskope says.

Artwork: Andy Wolber/TechRepublic

The more cybercriminals can take advantage of a legitimate service, the better their chances of tricking people into falling for their scams. This is why popular services from companies such as Google and Microsoft are exploited in malicious attacks. In fact, Google Drive ended 2021 as the most-used cloud storage service for malware downloads, according to security vendor Netskope.


In its “January 2022 Cloud and Threat Report” published on Tuesday, Netskope noted that cloud storage apps saw even greater adoption in 2021. For the year, 79% of analyzed customers used at least one cloud storage app, up from 71% in 2020. The number of cloud storage applications in use has also increased. Organizations with 500 to 2,000 employees used 39 different cloud storage applications last year, up from 35 the previous year.

This increased use of cloud applications has understandably attracted cybercriminals, who have eagerly abused these applications to deploy malware. In 2021, cloud storage applications accounted for 69% of cloud-based malware downloads, compared with 72% in 2020. These services are ready-made targets for abuse, as attackers can easily create free accounts, upload their malicious payloads, and then share the malicious documents with potential victims.

For the year, Google Drive took first place from Microsoft OneDrive as the cloud storage app with the most malicious downloads, accounting for 37% of them. OneDrive fell to second place with 20% of recorded malware downloads. Rounding out the top five were SharePoint with 9%, Amazon S3 with 6%, and GitHub with 3%.

Last year’s results contrast with 2020, when OneDrive was the most exploited cloud storage app for malicious downloads at 29%, followed by Box at 17%, Amazon S3 at 15%, SharePoint at 13% and Google Drive with only 9%.

Beyond Google’s growing popularity, there are other reasons why Google Drive overtook other services in malware downloads last year, according to Netskope. In 2020, the Emotet botnet used Box to deliver most malicious Office document payloads. But with Emotet taken down by global law enforcement in early 2021, that activity was dormant for most of the year. To pick up the slack, attackers trying to duplicate the success of Emotet have turned to Google Drive to share malicious Office documents.

With cloud-based storage applications being such a tempting target for exploitation, how can individuals and organizations protect themselves against malicious documents? Netskope offers the following tips:

  1. Use single sign-on (SSO) and multi-factor authentication (MFA) for managed and unmanaged apps. Implement adaptive policy controls for strong authentication based on user, device, application, data and activity.
  2. Implement multi-layered inline threat protection for all cloud and web traffic to prevent malware from reaching your endpoints and prevent outbound malware communications.
  3. Configure granular policy controls to protect your data. These controls should track and manage data transferred to and from applications, as well as between your organization and personal instances, including IT, users, websites, devices, and locations.
  4. Use cloud data protection to protect sensitive data against internal and external threats across web, email, SaaS, shadow IT, and public cloud services. Adopt security posture management for Software as a Service (SaaS) and Infrastructure as a Service (IaaS) models.
  5. Configure behavioral analysis to find insider threats, data exfiltration, compromised devices, and compromised credentials.

“The growing popularity of cloud applications has given rise to three types of abuse described in this report: attackers trying to gain access to victimized cloud applications, attackers abusing cloud applications to distribute malware, and insiders using cloud applications for data exfiltration,” Netskope Threat Labs Threat Research Director Ray Canzanese said in a press release. “The report serves as a reminder that the same apps you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration.”

Sam D. Gomez