Netskope research warns of cloud malware threats

Cyber Security, News

  • 28 March 2023
Netskope research warns of cloud malware threats
Cora Lydon
June 15, 2021

A report from Netskope Threat Labs has warned that threat actors are increasingly using cloud apps to target healthcare organisations with cloud malware delivery – rising from 38% to 42% in the past 12 months.

Despite the increase, healthcare has a reasonably low number of cloud malware downloads, when compared to other sectors. At the bottom end of the scale, the technology industry averaged 37% cloud malware downloads, compared to healthcare’s 40% average. In contrast, the telecom industry averaged 79% malware sourced from the cloud.

The report identified how attackers are most commonly targeting popular enterprise apps like Microsoft OneDrive. In the past year, the popular cloud app represented 17% of all cloud malware downloads within healthcare organisations.

Its widespread adoption within healthcare makes it a prime target for attackers who are seeking to attack a wide variety of organisations using the same toolset. It also makes it more likely that the malicious payloads would reach their targets.

Last year a major cyber attack left some trusts without access to all of Advanced’s health and care solutions, after attackers deployed LockBit 3.0 malware.

Report recommendations

With the growing use of cloud applications, more data is being uploaded to and downloaded from a wide variety of cloud-based apps. This allows attackers to evade security controls that rely primarily on domain block lists and URL filtering, as well as those that do not inspect cloud traffic.

Netskope Threat Labs make a number of recommendations to help healthcare organisations review their security posture to ensure they’re adequately protected.

These include:

  • Inspecting all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating networks.
  • Ensuring high-risk file types, such as executables and archives, are thoroughly inspected using a combination of static and dynamic analysis before download.
  • Configuring policies to block downloads from apps and instances not used in the organisation, to reduce risk surface.
  • Configuring policies to block uploads from apps and instances not used in the organisation, to minimise the risk of accidental or deliberate data exposure.
  • Using an Intrusion Prevention System (IPS) to identify and block malicious traffic patterns, preventing further damage by limiting the attacker’s ability to perform additional actions.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Nuance launches automated AI-powered clinical documentation

Next News

vCreate launches digital forms and reminders to streamline processes

Related News

Norfolk and Norwich University Hospitals investigating cyber attack
Cyber Security July 25, 2024

Norfolk and Norwich University Hospitals investigating cyber attack

NHS England’s cyber security operations centre is investigating a cyber attack at Norfolk and Norwich University Hospitals NHS FT.
Over 6,000 operations and appointments delayed by London cyber attack
News July 8, 2024

Over 6,000 operations and appointments delayed by London cyber attack

More than 6,000 operations and appointments have been postponed at London hospitals affected by the Synnovis cyber attack.
Harnessing AI and cybersecurity to transform healthcare in the UK
Cyber Security June 28, 2024

Harnessing AI and cybersecurity to transform healthcare in the UK

The UK healthcare sector is in a transformative era, driven by advancements in artificial intelligence (AI). AI has the potential to revolutionise healthcare by improving…