Netskope Threat Labs: Threat actors hone in on cloud apps in the telecoms industry

Netskope Threat Labs has published its latest research report, revealing an increasing trend of attackers abusing popular enterprise apps to deliver malware to victims in the telecoms industry. This rising trend is against a backdrop of continued increase in cloud app adoption in the sector, where users engage strongly with a small selection of popular apps, including Microsoft. Tracking with this increased use of cloud apps, telecoms is the biggest victim of cloud-sourced malware by a considerable 7% margin compared to other industries.

Speaking on the findings, Paolo Passeri, Cyber Intelligence Principal at Netskope, said:

“Users in the telecoms industry tend to interact with fewer cloud apps in comparison to other verticals, yet the percentage of malware delivered from the cloud is 7 points higher than the other sectors. This indicates that employees within the sector have a more open attitude to cloud services and this inevitably reflects in a wider exposure to threats. They are more familiar with online tools such as cloud apps and this figure shows that threat actors tend to exploit this familiarity.

“This open attitude towards online services is also visible in the malware families that target telecoms users. In comparison to other verticals, there are many more malware families targeting this sector, with a wide range of threats spanning from IoT to downloaders, banking trojans, infostealers, and phishing bait PDF documents.

“Interestingly, many of these threats are characterised by the exploitation of authentic and well reputed cloud services throughout different stages of the attack chain: Guloader stores the encrypted payload on legitimate cloud services such as Microsoft OneDrive or Google Drive, Grandoreiro often abuses Microsoft Azure to deliver the final payload, and even phishing bait PDF documents are often hosted on legitimate cloud storage services to seem more realistic and legitimate.”

The report is based on anonymised usage data collected about a healthcare sector subset of Netskope’s 2,500+ customers, all of whom give prior authorisation for their data to be analysed in this manner.
