Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.
Summary
- Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware, with 60% of all malware downloads in June originating from 155 cloud apps.
- While Microsoft OneDrive, the most popular enterprise app, continues to be the cloud app with the most malware downloads, the share of downloads it represents has decreased for the third consecutive month.
- Bundlore and Pirrit, two adwares targeting Mac OS X users, made the top ten list for malware downloads as attackers continue to target OS X.
Cloud Malware Delivery
Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and URL filtering, or that do not inspect cloud traffic. In June 2023, 60% of all HTTP/HTTPS malware downloads originated from popular cloud apps, one point higher than May and one point lower than the all-time high in February.
At the same time, the total number of cloud apps from which the downloads originated fell slightly from its all time high in May to 155.
Attackers achieve the most success reaching enterprise users when they abuse cloud apps that are already popular in the enterprise. Microsoft OneDrive, the most popular enterprise cloud app, has held the top spot for the most cloud malware downloads for more than six months. Although the percentage of cloud downloads from OneDrive has fallen for the third consecutive month, it still remains in first place. Other top apps for malware downloads include free web hosting services (Squarespace and Weebly), free software hosting sites (GitHub), collaboration apps (SharePoint), cloud storage apps (Azure Blob Storage, Google Drive, Box), and webmail apps (Outlook.com). DocPlayer, a free document sharing app, made the top ten for the third consecutive months as malicious PDF files have increased in popularity. The top ten list is a reflection of attacker tactics, user behavior, and company policy.
Top Malware File Types
By file type, Microsoft Windows Portable Executable files (EXE/DLL) accounted for the plurality of malware downloads in June, as they have for the past four months. Remaining in second place for the second consecutive month were PDF files, which increased their lead over ZIP archives slightly. Mac DMG files were edged out of the top ten by malicious 7 Zip files after a three-month stay in the top ten list.