Feb 19 2020
Cloud Threats on the Rise, Cloud Data on the Move

Cybercriminals see the cloud as an effective method for subverting detection: Today, 44% of malicious threats are cloud-enabled. Sensitive data is increasingly distributed and moving to applications that aren’t necessarily sanctioned or properly secured, with 20% of users moving sensitive data among multiple cloud apps and services. Both of these findings come from Netskope Threat Labs’ February 2020 Cloud + Threat Report, which we released today.  

We created the Cloud + Threat Report by analyzing anonymized data from the Netskope Platform from the second half of 2019. We crunched the numbers from millions of users, seeking to answer questions about threats and the data risks facing organizations that are using cloud apps and services. How are attackers abusing cloud apps and services? Which apps are most popular among attackers? How are users interacting with data in the cloud? Is sensitive data concentrated in a handful of apps and services, or is it spreading out among hundreds of apps? How mobile are users? How distributed are private apps?

The Cloud + Threat Report provides the answers to these questions using a data-driven approach. Among the highlights of the report are:

Nearly half (44%) of threats are cloud-based.

Attackers are moving to the cloud to blend in, increase success rates, and evade detection. Attackers launch attacks through cloud services and apps using familiar techniques, including scams, phishing, malware delivery, command and control, formjacking, chatbots, and data exfiltration. They are successfully abusing the implicit trust users place in cloud apps.

More than half of data policy violations come from cloud storage, collaboration, and webmail apps

These are the apps and services that organizations are most worried about, and for which they are proactively setting policies to help control the flow of cloud data. The types of violations include privacy, healthcare, finance, source code, and passwords and credentials.

One-fifth (20%) of users move data laterally between cloud apps

From OneDrive to Google Drive, from Google Drive to webmail, from webmail to Slack. We see data crossing many boundaries: moving between cloud app suites, managed and unmanaged apps and instances, app categories, and app risk levels (Netskope Cloud Confidence Levels). In total, we saw data movement among 2,481 different cloud apps and services. The scale of cloud data sprawl is enormous. Our new blog series on cloud data leaks highlights one of the risks of cloud sprawl: data leaks caused by misconfiguration.

One-third (33%) of enterprise users work remotely

We see one-third of users working remotely each day, accessing both private and public apps in the cloud. We also see private app deployment in the cloud increasing, with organizations deploying private apps across multiple cloud service providers and multiple regions. Our previous posts about AWS, GCP, and Azure demonstrate some of the risks surrounding these apps.

Read the full report to learn more about how attackers are using the cloud, sensitive data movement in the cloud, and enterprise cloud adoption.

About the author
Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning.