With each passing day, the number of Artificial Intelligence (AI) and cloud apps being used by companies in the manufacturing sector continues to grow. While commendable, this move has also resulted in new avenues for cybercriminals to explore.
This is according to a new report from Netskope Threat Labs, published earlier this week. It claims that the use of cloud apps has increased significantly, with organizations in the sector now interacting with an average of 24 cloud apps per month.
Of all the different apps, OneDrive seems to be the driving force (pun definitely intended), with popularity growing from 43% to 58% year-over-year.
Higher risks
When it comes to AI, businesses are also gravitating toward Microsoft products. This year, Microsoft Copilot made the top 10 list of apps for manufacturing. With recent updates to Windows 10 and the increasing adoption of Windows 11, which will grow even further next year when Windows 10 reaches EOD, it’s safe to assume that Copilot’s share will only grow.
But with increasing adoption comes risks. About half of all global HTTP/HTTPS malware downloads come from popular cloud apps, Netskope said, adding that the world’s most popular apps “are also among the top apps in terms of the number of malware downloads.” In fact, OneDrive is the most abused app for malware delivery in production, at 22%, double the share of second- and third-place Sharepoint and GitHub, which each account for 10%.
Criminals typically use one of five malware families: Downloader.Guloader; Infostealer.AgentTesla; Phishing.PhishingX; Trojan.Grandoreiro; and Trojan.RaspberryRobin. For Paolo Passeri, Cyber Intelligence Principal at Netskope, this is interesting, since hackers are primarily interested in flexibility:
“What really stood out to me in this report is that threat actors are diversifying the types of payloads they deliver to organizations in production,” he said. “Rather than targeting specific malware categories, they prefer to deliver flexible downloaders or remote access tools (GuLoader, AgentTesla and RaspberryRobin), which can then distribute multiple types of payloads depending on the attackers’ objectives. Enterprises will need to implement strict policies that ensure the secure handling of sensitive data and regularly monitor cloud traffic for malicious behavior.”