Cybercriminals Find Cover in the Cloud: New Netskope Research Finds 44% of Threats are Cloud-Enabled 

Netskope Cloud and Threat Report reveals cloud-enabled threats are on the rise and sensitive data is moving between cloud apps

SANTA CLARA, Calif. – Feb. 19, 2020 – Netskope, the leading security cloud, today announced the release of the February 2020 Netskope Cloud and Threat Report, which analyzes the most interesting trends on enterprise cloud service and app usage, web and cloud-enabled threats, and cloud data migrations and transfers. Based on anonymized data from millions of global users, the report found that 44% of malicious threats are cloud-enabled, meaning that cybercriminals see the cloud as an effective method for subverting detection.

“We are seeing increasingly complex threat techniques being used across cloud applications, spanning from cloud phishing and malware delivery, to cloud command and control and ultimately cloud data exfiltration,” said Ray Canzanese, Threat Research Director at Netskope.  “Our research shows the sophistication and scale of the cloud-enabled kill chain increasing, requiring security defenses that understand thousands of cloud apps to keep pace with attackers and block cloud threats. For these reasons, any enterprise using the cloud needs to  quickly modernize and extend their security architectures.”

Key Findings

Based on aggregated, anonymized data collected from the Netskope Security Platform across millions of users from August 1 through December 31, 2019, key findings of the report include: 

The overwhelming majority (89%) of enterprise users are in the cloud, actively using at least one cloud app every day. Cloud storage, collaboration, and webmail apps are among the most popular in use. Enterprises also use a variety of apps in those categories—142 on average—indicating that while enterprises may officially sanction a handful of apps, users tend to gravitate toward a much wider set in their day-to-day activities. Overall, the average enterprise uses over 2,400 distinct cloud services and apps. 

Top 5 Cloud App Categories  

1. Cloud storage
2. Collaboration
3. Webmail
4. Consumer
5. Social media

Top 10 Most Popular Cloud Apps 

1. Google Drive
2. YouTube
3. Microsoft Office 365 for Business
4. Facebook
5. Google Gmail
6. Microsoft Office 365 SharePoint
7. Microsoft Office 365 Outlook.com
8. Twitter
9. Amazon S3
10. LinkedIn

Nearly half (44%) of threats are cloud-based. Attackers are moving to the cloud to blend in, increase success rates and evade detections. Attackers launch attacks through cloud services and apps using familiar techniques including scams, phishing, malware delivery, command and control, formjacking, chatbots, and data exfiltration. Of these, the two most popular cloud threat techniques are phishing and malware delivery. The top threat techniques in the cloud are phishing and malware delivery.

Top 5 Targeted Cloud Apps

1. Microsoft Office 365 for Business
2. Box
3. Google Drive
4. Microsoft Azure
5. Github

Over 50% of data policy violations come from cloud storage, collaboration, and webmail apps, and the types of data being detected are primarily DLP rules and policies related to privacy, healthcare, and finance. This shows that users are moving sensitive data across multiple dimensions among a wide variety of cloud services and apps, including personal instances and unmanaged apps in violation of organizational policies.

One-fifth (20%) of users move data laterally between cloud apps, such as copying a document from OneDrive to Google Drive or sharing it via Slack. More importantly, the data crosses many boundaries: moving between cloud app suites, between managed and unmanaged apps, between app categories, and between app risk levels (Netskope Cloud Confidence Levels). Moreover, 37% of the data that users move across cloud apps is sensitive. In total, Netskope has tracked lateral data movement among 2,481 different cloud services and apps, indicating the scale and the variety of cloud use across which sensitive information is being dispersed.

One-third (33%) of enterprise users work remotely on any given day, across more than eight locations on average, accessing both public and private apps in the cloud. This trend has contributed to the inversion of the traditional network, with users, data, and apps now on the outside. It also shows increasing demand on legacy VPNs and questions the availability of defenses to protect remote workers.

The Netskope Cloud and Threat Report is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyze the latest cloud threats affecting enterprises.

Download the full report here.

About Netskope

The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and delivers data-centric security from one of the world’s largest and fastest security networks, empowering the largest organizations in the world with the right balance of protection and speed they need to enable business velocity and secure their digital transformation journey. Reimagine your perimeter with Netskope.