Cloud apps are coming under increasing attack

An abstract image of a cloud raining data.

(Image credit: Pixabay)

Employees in the telecommunications industry interact with fewer cloud apps in their day-to-day work, compared to people in other verticals. However, they are still the biggest victims of cloud-sourced malware.

This is according to a new report from Netskope Threat Labs, claiming cloud apps are being increasingly abused in malware attacks, with telco firms being particularly vulnerable.

Based on an analysis of Netskope’s 2,500+ customers in the telecommunications industry, the report says that users in this vertical upload and download files to cloud apps at a similar rate, compared to other industries while, at the same time, using fewer apps on average.

Biggest victims

The average user in the telco vertical interacts with 24 cloud apps in any given month, the majority being in the Microsoft ecosystem (OneDrive, Teams, Outlook).

In fact, OneDrive is the most popular app for uploading data, with 30% of users in the industry using it to upload files daily (50% more than the average). It’s also similar with downloads - 35%.

While all organizations, regardless of their size or vertical, are targeted by cloud-borne malware, telcos are the biggest victims by a 7% margin compared to everyone else, Netskope explained. OneDrive and GitHub had the most malware downloads, followed by Outlook. Most of the time, the victims would grab the remote access trojan (RAT) Remcos, the malicious loader Guloader, and a popular infostealer named AgentTesla.

According to Paolo Passeri, Cyber Intelligence Principal at Netskope, this discrepancy in the percentage of malware delivered stems from a more “open attitude” employees in telecommunications have towards cloud services.

“This open attitude towards online services is also visible in the malware families that target telecoms users. In comparison to other verticals, there are many more malware families targeting this sector,” Passeri explained.

Finally, he said that different cloud services are abused in different stages of the attack chain, with Guloader storing the encrypted payload on cloud services, for example, or Gandoreiro abusing Azure to deliver the final payload.

More from TechRadar Pro

Magento bug exploited to steal payment data from ecommerce websites
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.