Employees in the telecommunications industry interact with fewer cloud applications in their daily work, compared to people in other verticals. However, they remain the biggest victims of cloud-based malware.
This is according to a new report from Netskope Threat Labs, which claims that cloud applications are increasingly being abused in malware attacks, with telecommunications companies being particularly vulnerable.
Based on an analysis of Netskope's more than 2,500 customers in the telecommunications industry, the report says that users in this vertical upload and download files to cloud applications at a similar rate, compared to other industries and, at the same time, At the same time, they use fewer apps on average. .
Major victims
The average user in the telecom sector interacts with 24 cloud applications in a given month, the majority in the Microsoft ecosystem (OneDrive, Teams, Outlook).
In fact, OneDrive is the most popular app for uploading data: 30% of industry users use it to upload files daily (50% more than average). The same goes for downloads: 35%.
While all organizations, regardless of size or vertical, are targets of cloud-borne malware, telecommunications companies are the biggest victims by a margin of 7% compared to the rest, Netskope explained. OneDrive and GitHub had the most malware downloads, followed by Outlook. Most of the time, victims caught the Remcos Remote Access Trojan (RAT), the malicious Guloader loader, and a popular information stealer called AgentTesla.
According to Paolo Passeri, director of cyber intelligence at Netskope, this discrepancy in the percentage of malware delivered is due to a more “open” attitude that employees in the telecommunications sector have towards cloud services.
“This open attitude towards online services is also visible in malware families that target telecom users. Compared to other verticals, there are many more malware families targeting this sector,” Passeri explained.
Finally, he said that different cloud services are abused at different stages of the attack chain, with Guloader storing the encrypted payload in cloud services, for example, or Gandoreiro abusing Azure to deliver the final payload.
