Light Dark
April 13, 2021 By David Bisson 2 min read
News

Malware actors aren’t struggling to adapt their attack campaigns to cloud applications. If they were, then they probably wouldn’t have sent 61% of their malicious payloads in 2020 via cloud-based apps.

That’s up from 48% of malware samples in 2019, according to a study from Netskope. This reveals the extent to which digital attackers are turning to the cloud more and more. This preference comes with certain advantages; using cloud apps helps the attackers evade older email and web defense solutions.

Read on to learn more about how cloud-based apps factor into attacks.

The Importance of Cloud App Security

As noted in the report, the number of cloud applications leveraged by enterprise increased 20% over the course of 2020. Organizations with at least 500 employees and at most 2,000 workers are now using an average of 664 distinct cloud apps each month.

Half of those programs registered a ‘Poor’ rating on the study’s Cloud Confidence Index. This finding shows that many of the cloud apps weren’t ready for enterprise use.

It’s therefore not surprising that digital attackers are using these apps to distribute cloud malware. To be specific, more than half (58%) turned to malicious Microsoft Office documents. They could use these as a means of sending ransomware, back doors and other threats.

At the same time, they’re using cloud apps in other ways, too. Attackers now target cloud-based apps in more than one-third (36%) of phishing attacks as a means of gaining a foothold in the target’s network.

More Recent Cloud App Breaches

Some examples would be useful here. In September 2020, for instance, Proofpoint witnessed a threat actor known as ‘TA2552’ using Spanish-language lures in order to trick users into visiting Microsoft-themed consent pages. Those pages instructed the users to grant a third-party application read-only user permissions to their Office 365 account — rights that the attackers could have used to steal a victim’s information and/or conduct identity theft.

In another piece of research, Proofpoint discovered 180 distinct cloud applications using ‘consent phishing’ tactics in an attempt to access cloud resources over the course of 2020.

Proofpoint wasn’t the only security vendor that spotted malicious actors misusing cloud applications. In October 2020, for instance, Cisco Talos observed the DoNot APT team spreading a new threat called Firestarter. The attackers had the malware interact with the Google Firebase Cloud Messaging cloud solution in order to pinpoint the final payload location.

How to Defend Against Cloud App Misuse

The examples described above highlight the need for groups to defend themselves against misuse of cloud applications. One of the ways they can do this is by managing access to their cloud-based apps. Knowing phishers’ growing preference for these types of programs, consider using multifactor authentication and enabling single sign-on. These controls will help to limit who can access what within those apps.

Organizations also need to prevent digital attackers from gaining access to the information stored within their cloud applications. Towards that end, they should consider using data encryption. Not only will this help to render sensitive information inaccessible in the event of a data breach, but it might also prevent a ransomware strain from activating its encryption routine if an infection does succeed.

 |  |  |  |  | 
David Bisson
Contributing Editor

More from News
January 13, 2025

Insights from CISA’s red team findings and the evolution of EDR

3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections. These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings? EDR’s double-edged sword A cornerstone of cyber resilience strategy, EDR solutions are prized for…

December 30, 2024

DHS: Guidance for AI in critical infrastructure

4 min read - At the end of 2024, we've reached a moment in artificial intelligence (AI) development where government involvement can help shape the trajectory of this extremely pervasive technology. In the most recent example, the Department of Homeland Security (DHS) has released what it calls a "first-of-its-kind" framework designed to ensure the safe and secure deployment of AI across critical infrastructure sectors. The framework could be the catalyst for what could become a comprehensive set of regulatory measures, as it brings into…

December 26, 2024

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces. AI in every pocket Having…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature