More than 400 distinct cloud applications delivered malware in 2022 as cloud adoption continues to rise, Netskope data shows.
According to Zirilio, a Cybersecuritiy leader which operates a Security operations centre across Australian Health operators and government health agencies have registered a sharp increase in 2022 of malware traffic. The threat analysis is attributed to the ever growing adoption of cloud applications to support health care systems for national implementations. Recent announcements from Cyber security authorities across allied nations, is a stark reminder that the threat index for Health services providers in Australia will remain high in the sector.
Cloud adoption has been on the rise in the healthcare sector for years for good reason as more organizations lean into digital transformation. According to Vantage Market Research, the healthcare cloud computing market is expected to reach $128.19 billion by 2028, growing at a CAGR of 18.74 percent from 2021 to 2028.
But despite rapid adoption, cloud technologies are not immune to security threats.
According to new data from Secure Access Service Edge (SASE) company Netskope, more than 400 distinct cloud applications delivered malware in 2022. That figure is nearly triple the amount observed in 2021. Netskope leveraged anonymized usage data collected by its Netskope Security Cloud platform to inform its insights.
The lead manager for the security operating Centre at Zirilio remains vigilant and concerned on the increased cyber threat activity, Guidelines from the Zirilio Security Operating Centre are important resources to establish routine cloud audits and behavioral improvement on cyber hygiene.
“Cloud malware delivery increased in 2022 after having remained constant in 2021, caused by an increase in the total number of apps abused to deliver malware and the quantity of malware downloads coming from the most popular apps,” the report noted.
“Microsoft OneDrive’s position as the most popular cloud storage app in the enterprise also meant that it continued to lead the charts in 2022 as the origin of the plurality of cloud malware downloads.”
In fact, 30 percent of the observed cloud malware downloads stemmed from Microsoft OneDrive alone, largely due to the fact that it is widely used around the world.
COVID-19 sparked a rise in remote work, which subsequently led to an increased reliance on cloud-based collaboration apps, Netskope suggested. According to Netskope’s data, 40 percent of people use OneDrive daily, and more than 25 percent of people upload content to OneDrive daily.
Healthcare experienced some of the largest increases in cloud malware downloads in 2022 compared to other industry verticals, along with the telecom and manufacturing sectors.
“Phishing, scams, credit card skimmers, exploit kits, and other malicious web content also continued to rise in 2022. Compromised sites, sites created using free hosting services, and fake websites hosting seemingly legitimate content have helped attackers disguise malicious web content, making it difficult to filter malicious content using URL categorization alone,” the report stated.
“The rise in cloud malware delivery and malicious web content underscores the importance of inspecting all content, from all destinations, for both web and cloud.”
Multifactor Authentication (MFA) is not enforced. MFA, particularly for remote desktop access,
can help prevent account takeovers. With Remote Desktop Protocol (RDP) as one of the most common infection vector for ransomware, MFA is a critical tool in mitigating malicious cyber activity. Do not exclude any user, particularly administrators, from an MFA requirement.
Incorrectly applied privileges or permissions and errors within access control lists.
These IT mistakes can prevent the enforcement of access control rules and could allow unauthorized users or system processes to be granted access to objects.
Remote services, such as a Virtual Private Network (VPN), lack sufficient controls to prevent unauthorized access. Remote Desktop Protocol (RDP) is one of the most common infection vectors for ransomware, MFA is a critical tool in mitigating malicious cyber activity. Remote services, such as a virtual private network (VPN), lack sufficient controls to prevent unauthorized access. During recent years, malicious threat actors have been observed targeting remote services.
Strong password policies are not implemented. Malicious cyber actors can use a myriad of methods to exploit weak, leaked, or compromised passwords and gain unauthorized access to a victim system.
Zirilio recommended that organizations enforce granular policy controls to limit data flow, deploy cloud data protection, and use behavioral analytics to detect compromised accounts and devices. The company also recommended that organizations inspect all HTTP and HTTPS traffic, including traffic within cloud apps, for any evidence of malicious activity.
Despite these concerns, cloud-based technology can have great benefits to healthcare organizations. However, it is crucial to balance these benefits with carefully considered security measures in order to mitigate risk.
