Research Insights: Netskope Cloud and Threat Spotlight:

Netskope has released the Netskope Cloud and Threat Spotlight: January 2022, disclosing new research highlighting the growth of malware and malicious payloads delivered by cloud apps. The analysis identified trends in cloud attacker activities and data risks from 2021 compared to 2020.  Report Highlights:


  • Google Drive emerges as the top app for malware downloads, taking over that spot from Microsoft OneDrive, while the percentage of malware downloads from cloud apps increased from 46%, peaked at 73% and plateaued at 66%.
  • Emotet copycats continue to abuse Microsoft Office documents, which continue to represent one-third of all malware downloads, compared to one-fifth of all malware downloads prior to Emotet.
  • More than half of managed cloud app instances are targeted by credential attacks, while the sources of such attacks shift from a few heavy hitters to a more decentralized attack.
  • Employee attrition leads to data exfiltration, as one out of very seven users take data with them when they leave using personal app instances.
  • Cloud adoption continues to rise, with the rising popularity of Cloud Storage apps attracting abuse by both attackers (for malware delivery) and insider threats (for data exfiltration).

Research Insights:

According to Garret Grajek, CEO, YouAttest:  

“The fact that more than half of the managed cloud attacks are still password/credential hacks shows how important identity is – not just devices but on cloud resources. The attackers love new deployments and new configurations – because they know that these new sites are often hastily assembled and lack true security and identity governance. That is why it is imperative that enterprise deploy the same principles of (NIST 800-53 rev 5, PR.AC-6) to ensure that the identities and the managing identities in the cloud are not overloaded with privileges and thus making the hackers job easier.”


Saryu Nayyar, CEO and Founder, Gurucul (she/her):

“This informative report highlights the need for cloud-native solutions that seamlessly monitor for, detect and accelerate response against known and unknown or emerging malware that targets cloud infrastructure regardless of vendor. Based on the report, the most effective solution for combating these emerging threats requires a combination of behavioral-based security analytics combined with an understanding of identity, access and entitlements to prevent credential-based attacks. Using this approach offers a much-needed layer of data-loss prevention (DLP) already incorporated into specific next generation SIEMs and can alert security teams both earlier in the kill chain and with an unprecedented level of context and automation to prevent loss.”