Netskope today released its biannual “Cloud and Threat Report” analyzing critical trends in enterprise cloud services and application usage, web and cloud-enabled threats, and cloud data migrations and transfers. A standout number revealed was the clear and sustained growth of malware spread through cloud applications, which now accounts for 68% of all malware reaching organizations. This growth is taking place against a backdrop of continued proliferation of cloud applications across enterprises, with adoption increasing 22% during the first 6 months of 2021. An average company with 500 to 2,000 employees uses 805 distinct cloud applications and services, and 97% of these applications are ‘shadow IT’ – that is, unsanctioned, unsupported, and largely unprotected by corporate IT teams.
Unauthorized use of cloud applications is not the only potential threat identified in the report; it also indicates a need for greater management of these activities and of IaaS (Infrastructure as a Service). Currently, more than a third (35%) of all workloads within AWS, Azure and Google Cloud Platform are “unrestricted use”, open for public viewing by anyone on the Internet.
The report’s authors also identified a growing opportunity for attacks in the widespread use (97%) of corporate Google credentials as a convenient shortcut to access third-party applications. When a Google login is used as this shortcut, the third-party application requests a scope of permissions, which can range from “view basic account information” to “view and manage the files in your Google Drive”. Third-party applications that request the viewing and management of Google Drive files pose a significant threat of corporate data exposure.
“Attack spreaders aim to always be one step ahead, and that’s why we work hard to identify potential entry points and attack surfaces before they are used, and thus ensure companies can securely block them beforehand. loss of corporate data,” says Ray Canzanese, director of threat research at Netskope. “The trends revealed in the survey show that companies must rethink security based on the reality of using cloud applications. They must contemplate a security architecture that provides context for applications, cloud services and user activities on the web where Zero Trust controls are implemented to protect data from anywhere and from any equipment.”
Summary of Main Results of the Report
Based on anonymous data collected by the Netskope Security Cloud platform from millions of users from January 1, 2021 to June 30, 2021, the main conclusions of the report are:
● 97% of cloud applications used in companies are shadow IT, unmanaged and often freely adopted;
● Third-party application plugins pose serious data risks. 97% of Google Workspace users have authorized at least one third-party application to access their corporate Google account, potentially exposing data to third parties due to “View and manage files in your Google Drive” scopes;
● The rise of publicly exposed cloud environments creates opportunities for attackers. More than 35% of all workloads are exposed to the public Internet on AWS, Azure and GCP, with RDP (Remote Desktop Protocol) servers – a popular infiltration vector for attackers – exposed on 8.3% of workloads;
● Malware disseminated in the cloud is growing and has reached an all-time high of 68%, with cloud storage applications accounting for nearly 67% of cloud malware delivery, and malicious Office documents now accounting for 43% of all malware downloads;
● Employees attempt to exfiltrate significant amounts of work data before leaving their jobs and upload three times as much data to personal applications in the last 30 days of employment. Of that data, 15% originates from a corporate application instance or directly violates a corporate data policy. Personal instances of Google Drive and Microsoft OneDrive are the most common targets.