Malware delivered via cloud apps

  • 28 April 2021
  • 1 reply
  • 1 view

Badge +13

Our latest blog post shares stats that show the amount of malware delivered via cloud apps continues to increase. Cybercriminals are deliberately abusing popular cloud apps for malware delivery to exploit trust and blend in.

https://www.netskope.com/blog/cloud-and-threat-report-cloudy-with-a-chance-of-malware

 

Netskope can scan downloads for malicious content whether they originate from a cloud app or traditional web infrastructure. To ensure that your users are protected, create a "Threat Protection Profile" policy that scans all categories and all activities and blocks malicious content.  This policy covers all cloud and web activities to ensure complete protection, no matter which delivery method an attacker targeting your users chooses.   

 

Every malware alert will contain the field "traffic_type" which indicates whether the alert is from a "CloudApp" or the "Web".  You can search SkopeIT for all cloud malware alerts:

traffic_type = 'CloudApp' and (alert_type eq 'Malware')

Through Advanced Analytics you can generate reports to show the breakdown of "CloudApp" vs. "Web" malware in your environment.  95% of the malware detected in this environment has been downloaded from a Cloud App:

 

 


1 reply

Badge +12

Just as a followup if you want to create this in "Reports" just add the query

traffic_type = 'CloudApp' and (alert_type eq 'Malware')

to an Alert widget

 

In Advanced Analytics  you can use this

 

Reply