Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide.
Summary
- OneDrive and SharePoint were again in the top of the list of top cloud apps used for malware downloads, showing a very strong preference from adversaries.
- Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, with 49% of all malware downloads in January originating from 178 cloud apps.
- A wide variety of malware families were circulating in January. Malware families including the Infostealer AgentTesla, the RAT AdWind, and the ransomware Lockbit and Trigona were among top families.
Cloud Malware Delivery
Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and URL filtering or don’t inspect cloud traffic. In January 2024, 49% of all HTTP/HTTPS malware downloads originated from popular cloud apps. The percentage of downloads from popular cloud apps has been hovering around 50% for the past six months.
The first month of the year started with many cloud apps from which malware downloads originated, at 178.
Attackers achieve the most success reaching enterprise users when they abuse cloud apps already popular in the enterprise. Microsoft OneDrive, the most popular enterprise cloud app, has again held the top spot for the most cloud malware downloads, which it has held for more than six months.
The top 10 apps remained largely unchanged when compared to the apps used in the last six months of 2023. The top apps of January include hosting apps like SharePoint, email services like Microsoft Live Outlook, and free software hosting sites (GitHub). The top 10 list reflects attacker tactics, user behavior, and company policy.
Top Malware Families
Attackers are constantly creating new malware families and new variants of existing families, either in an attempt to bypass security solutions or to update their malware’s capabilities. In January 2024, 57% of all malware downloads detected by Netskope were either new families or new variants that had not been observed in the preceding six months. The other 43% were samples that had been previously observed during the preceding six months and are still circulating in the wild.
The following list contains the top malware a