Manufacturing sector AI and cloud app adoption is giving hackers even more ways in


With every passing day, the number of Artificial Intelligence (AI) and cloud apps used by enterprises in the manufacturing sector grows. While commendable, this move has also opened new avenues that cybercriminals can explore.

This is according to a new report from Netskope Threat Labs, published earlier this week. It claims that cloud app usage has grown significantly, with organizations in the sector now interacting with 24 cloud apps each month, on average.

Of all the different apps, OneDrive seems to be the driving force (pun definitely intended), since its popularity grew from 43% to 58% year-on-year.

Higher risks

When it comes to AI, businesses are also inclined towards Microsoft products. This year, Microsoft Copilot is in the manufacturing top 10 apps. With recent updates to Windows 10, and the increasing adoption of Windows 11, which will grow even further next year when Windows 10 hits EOL, it’s safe to assume that Copilot’s share will only grow.

But increasing adoption also brings risks. Roughly half of all global HTTP/HTTPS malware downloads originate from popular cloud apps, Netskope said, adding that the most popular apps around the world “are also among the top apps in terms of the number of malware downloads.” In fact, OneDrive is the top app being abused for malware delivery in manufacturing, with 22%, twice as much as the second- and third-placed SharePoint and GitHub, which each have 10%.

Crooks are mostly deploying one of these five malware families: Downloader.Guloader; Infostealer.AgentTesla; Phishing.PhishingX; Trojan.Grandoreiro; and Trojan.RaspberryRobin. For Paolo Passeri, Cyber Intelligence Principal at Netskope, this is interesting, since hackers are mostly interested in flexibility:

“What really caught my eye in this report is the fact that threat actors are diversifying the kind of payload they are delivering to organizations in manufacturing,” he said. “Rather than focusing on specific categories of malware, they prefer to deliver flexible downloaders or remote access tools (GuLoader, AgentTesla, and RaspberryRobin), which can then distribute multiple kinds of payloads depending on the attackers' objectives. Businesses will need to implement strict policies that ensure the safe handling of sensitive data, and regularly monitor cloud traffic for malicious behavior.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.