Netskope research warns of cloud malware threats

  • 28 March 2023

A report from Netskope Threat Labs has warned that threat actors are increasingly using cloud apps to target healthcare organisations with cloud malware delivery – rising from 38% to 42% in the past 12 months.

Despite the increase, healthcare has a reasonably low number of cloud malware downloads, when compared to other sectors. At the bottom end of the scale, the technology industry averaged 37% cloud malware downloads, compared to healthcare’s 40% average. In contrast, the telecom industry averaged 79% malware sourced from the cloud.

The report identified how attackers are most commonly targeting popular enterprise apps like Microsoft OneDrive. In the past year, the popular cloud app represented 17% of all cloud malware downloads within healthcare organisations.

Its widespread adoption within healthcare makes it a prime target for attackers who are seeking to attack a wide variety of organisations using the same toolset. It also makes it more likely that the malicious payloads would reach their targets.

Last year a major cyber attack left some trusts without access to all of Advanced’s health and care solutions, after attackers deployed LockBit 3.0 malware.

Report recommendations

With the growing use of cloud applications, more data is being uploaded to and downloaded from a wide variety of cloud-based apps. This allows attackers to evade security controls that rely primarily on domain block lists and URL filtering, as well as those that do not inspect cloud traffic.

Netskope Threat Labs make a number of recommendations to help healthcare organisations review their security posture to ensure they’re adequately protected.

These include:

  • Inspecting all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating networks.
  • Ensuring high-risk file types, such as executables and archives, are thoroughly inspected using a combination of static and dynamic analysis before download.
  • Configuring policies to block downloads from apps and instances not used in the organisation, to reduce risk surface.
  • Configuring policies to block uploads from apps and instances not used in the organisation, to minimise the risk of accidental or deliberate data exposure.
  • Using an Intrusion Prevention System (IPS) to identify and block malicious traffic patterns, preventing further damage by limiting the attacker’s ability to perform additional actions.
