Netskope Threat Labs publishes a monthly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide.
Summary
- OneDrive and GitHub topped the list of cloud apps used for malware downloads, showing a very strong preference from adversaries and the return of GitHub to the top three.
- Attackers continue to attempt to fly under the radar by using cloud apps to deliver malware. In February, 49% of all malware downloads originated from a record-setting 215 distinct cloud apps.
- The top malware families active in February included the banking trojan Grandoreiro, the RAT AdWind, and the ransomware LockBit.
Cloud Malware Delivery
Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps. Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and URL