Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Cloud apps are coming under increasing attack

An abstract image of a cloud raining data.

Employees in the telecommunications industry interact with fewer cloud apps in their day-to-day work, compared to people in other verticals. However, they are still the biggest victims of cloud-sourced malware. 

This is according to a new report from Netskope Threat Labs, claiming cloud apps are being increasingly abused in malware attacks, with telco firms being particularly vulnerable. 

Based on an analysis of Netskope’s 2,500+ customers in the telecommunications industry, the report says that users in this vertical upload and download files to cloud apps at a similar rate, compared to other industries while, at the same time, using fewer apps on average.

Biggest victims

The average user in the telco vertical interacts with 24 cloud apps in any given month, the majority being in the Microsoft ecosystem (OneDrive, Teams, Outlook).

In fact, OneDrive is the most popular app for uploading data, with 30% of users in the industry using it to upload files daily (50% more than the average). It’s also similar with downloads - 35%.

While all organizations, regardless of their size or vertical, are targeted by cloud-borne malware, telcos are the biggest victims by a 7% margin compared to everyone else, Netskope explained. OneDrive and GitHub had the most malware downloads, followed by Outlook. Most of the time, the victims would grab the remote access trojan (RAT) Remcos, the malicious loader Guloader, and a popular infostealer named AgentTesla.

According to Paolo Passeri, Cyber Intelligence Principal at Netskope, this discrepancy in the percentage of malware delivered stems from a more “open attitude” employees in telecommunications have towards cloud services. 

“This open attitude towards online services is also visible in the malware families that target telecoms users. In comparison to other verticals, there are many more malware families targeting this sector,” Passeri explained.

Finally, he said that different cloud services are abused in different stages of the attack chain, with Guloader storing the encrypted payload on cloud services, for example, or Gandoreiro abusing Azure to deliver the final payload.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.