Manufacturing sector AI and cloud app adoption is giving hackers even more ways in

Digital clouds against a blue background.
(Image credit: Shutterstock / Blackboard)

With every passing day, the number of Artificial Intelligence (AI) and cloud apps used by enterprises in the manufacturing sector grows. While commendable, this move also resulted in new avenues that cybercriminals can explore.

This is according to a new report from Netskope Threat Labs, published earlier this week. It claims that cloud app usage has grown significantly, with organizations in the sector now interacting with 24 cloud apps each month, on average.

Of all the different apps, OneDrive seems to be the driving force (pun definitely intended), since its popularity grew from 43% to 58% year-on-year.

Higher risks

When it comes to AI, businesses are also inclined towards Microsoft products. This year, Microsoft Copilot is in the manufacturing top 10 apps. With recent updates to Windows 10, and the increasing adoption of Windows 11, which will grow even further next year when Windows 10 hits EOD, it’s safe to assume that Copilot’s share will only grow.

But with increasing adoption also lurk risks. Roughly a half of all global HTTP/HTTPS malware downloads originate from popular cloud apps, Netskope said, adding that the most popular apps around the world “are also among the top apps in terms of the number of malware downloads.” In fact, OneDrive is the top app being abused for malware delivery in manufacturing, with 22%, twice as much as the second- and third-placed Sharepoint and GitHub, who each have 10%.

Crooks are mostly deploying one of these five malware families: Downloader.Guloader; Infostealer.AgentTesla; Phishing.PhishingX; Trojan.Grandoreiro; and Trojan.RaspberryRobin. For Paolo Passeri, Cyber Intelligence Principal at Netskope, this is interesting, since hackers are mostly interested in flexibility:

“What really caught my eye in this report is the fact that threat actors are diversifying the kind of payload they are delivering to organizations in manufacturing,” he said. “Rather than focusing on specific categories of malware, they prefer to deliver flexible downloaders or remote access tools (GuLoader, AgentTesla, and RaspberryRobin), which can then distribute multiple kinds of payloads depending on the attackers' objectives. Businesses will need to implement strict policies that ensure the safe handling of sensitive data, and regularly monitor cloud traffic for malicious behavior.”

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.