They are more familiar with online tools such as cloud apps, and this figure shows that threat actors tend to exploit this familiarity.
20 June 2024: Netskope Threat Labs has today published its latest research report, revealing an increasing trend of attackers abusing popular enterprise apps to deliver malware to victims in the telecoms industry. This rising trend is against a backdrop of a continued increase in cloud app adoption in the sector, where users engage strongly with a small selection of popular apps, including Microsoft. With this increased use of cloud apps, telecoms is the biggest victim of cloud-sourced malware by a considerable 7% margin compared to other industries.
Key findings include:
- Cloud app adoption:
- Users in the telecoms industry upload and download files to cloud apps at a similar rate to other industries, but tend to interact with fewer cloud apps on average.
- The average user in telcos interacts with 24 cloud apps per month, with a strong preference for Microsoft apps. Microsoft OneDrive, Teams, and Outlook are the industry’s top three most popular apps.
- Microsoft OneDrive is also the most popular app for uploading data, with 30% of telecom industry users uploading data to OneDrive daily, 50% more than the average across all industries. Similarly, Microsoft OneDrive is the most popular app for downloads in the telecoms industry, with 35% of users downloading from it.
- Cloud app abuse:
- The percentage of malware downloads from telco industry users fell in line with the global trend, bottoming out in the second half of 2023 and beginning to increase again in early 2024.
- Organisations in the telecoms industry are the biggest victims of cloud-sourced malware by a considerable 7% margin compared to other industries.
- Microsoft OneDrive and GitHub had the most malware downloads, followed by Outlook. The other apps in the top 10 are similar to those in other industries with only minor differences, including more malware downloads from SourceForce, the open-source software development website, and Google Cloud Storage.
- Malware and ransomware: Among the most prevalent malware families targeting organisations in the telecoms industry were the remote access Trojan Remcos, the downloader Guloader, and the infostealer AgentTesla.
Speaking on the findings, Paolo Passeri, Cyber Intelligence Principal at Netskope, said, “Users in the telecoms industry tend to interact with fewer cloud apps in comparison to other verticals, yet the percentage of malware delivered from the cloud is 7 points higher than the other sectors. This indicates that employees within the sector have a more open attitude toward cloud services, and this inevitably reflects a wider exposure to threats. They are more familiar with online tools such as cloud apps, and this figure shows that threat actors tend to exploit this familiarity.
“This open attitude towards online services is also visible in the malware families that target telecom users. In comparison to other verticals, there are many more malware families targeting this sector, with a wide range of threats spanning from IoT (the omnipresent Mirai) to downloaders (BanLoad and Guloader), banking trojans (Grandoreiro), infostealers (such as AgentTesla and Redline), and phishing bait PDF documents.
“Interestingly, many of these threats are characterised by the exploitation of authentic and well-reputed cloud services throughout different stages of the attack chain: Guloader stores the encrypted payload on legitimate cloud services such as Microsoft OneDrive or Google Drive; Grandoreiro often abuses Microsoft Azure (but also AWS and Google) to deliver the final payload; and even phishing bait PDF documents are often hosted on legitimate cloud storage services to seem more realistic and legitimate.”
The report is based on anonymised usage data collected about a healthcare sector subset of Netskope’s 2,500+ customers, all of whom give prior authorisation for their data to be analysed in this manner.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
