Netskope Threat Labs has released a new report highlighting a surge in cyberattacks leveraging popular enterprise cloud apps to target the telecom sector. This trend coincides with the sector’s growing use of cloud applications, especially a select few like Microsoft apps. The telecom industry now experiences a 7% higher rate of cloud-based malware attacks than other industries.
Key Insights:
Cloud App Usage:
– Telecom industry users upload and download files from cloud apps at a similar rate to other sectors but interact with fewer apps overall.
– On average, telecom users engage with 24 cloud apps monthly, with Microsoft OneDrive, Teams, and Outlook being the most favored.
– Microsoft OneDrive leads in data uploads, with 30% of telecom users uploading daily, 50% more than the cross-industry average. It also tops downloads, with 35% of users downloading from it.
Cloud App Abuse:
– Malware downloads among telecom users aligned with global trends, decreasing in late 2023 and rising again in early 2024.
– Telecom organizations face the highest rate of cloud-sourced malware attacks, 7% more than other industries.
– The top sources of malware downloads in the telecom sector are Microsoft OneDrive, GitHub, and Outlook, with additional downloads from SourceForge and Google Cloud Storage.
Malware and Ransomware Trends:
– Predominant malware targeting telecom firms includes Remcos (remote access Trojan), Guloader (downloader), and AgentTesla (infostealer).
Commentary from Paolo Passeri, Cyber Intelligence Principal at Netskope:
Passeri noted that while telecom employees use fewer cloud apps than other sectors, they are more susceptible to cloud-based malware, with a 7% higher incidence rate. This is attributed to their familiarity with and openness towards cloud services, which makes them more vulnerable to exploitation.
He highlighted the diversity of threats in this sector, ranging from IoT malware like Mirai to various Trojans and phishing schemes. Many attacks involve legitimate cloud services at different stages, with Guloader using platforms like Microsoft OneDrive for payload storage and Grandoreiro exploiting Microsoft Azure, AWS, and Google services.
The report’s findings are based on anonymized data from a subset of Netskope’s 2,500+ customers in the healthcare sector, analyzed with prior authorization.