
Rising threats target cloud apps

The report suggests that cloud apps are increasingly being exploited in malware attacks, with telecommunications companies being particularly vulnerable

According to a recent report from Netskope Threat Labs, employees in the telecommunications industry use fewer cloud apps compared to those in other industries, but they are still the most affected by cloud-based malware.

The analysis of over 2,500 customers in the telecommunications industry revealed that users in this sector upload and download files to cloud apps at a similar rate to other industries but use fewer apps on average.

In the telecommunications industry, the average user interacts with 24 cloud apps every month, with most of them being part of the Microsoft ecosystem (such as OneDrive, Teams, and Outlook).

OneDrive stands out as the most popular app for uploading data, with 30% of industry users using it daily to upload files, which is 50% more than the average. Similarly, 35% of users in the industry use OneDrive for downloading files.

According to Netskope, all organisations, regardless of their size or industry, are targeted by cloud-based malware. However, telcos are the most heavily affected, with 7% more occurrences compared to other sectors.

The primary sources of malware downloads were OneDrive and GitHub, with Outlook following closely behind. The most commonly acquired threats include the remote access trojan (RAT) Remcos, the malicious loader Guloader, and the well-known infostealer AgentTesla.

According to Paolo Passeri, Cyber Intelligence Principal at Netskope, the difference in the percentage of malware delivered stems from the more “open attitude” that employees in the telecommunications industry have toward cloud services.

“This open attitude towards online services is also visible in the malware families that target telecoms users. In comparison to other verticals, there are many more malware families targeting this sector,” he noted.

Finally, he mentioned that different cloud services are utilised at different stages of the attack chain. For example, Guloader stores the encrypted payload on cloud services, while Grandoreiro exploits Azure to deliver the final payload.
