Google Drive emerges as the best app for malware downloads


Netskope has published research showing that phishing downloads surged 450% over the past 12 months, fueled by attackers using search engine optimization (SEO) techniques to boost the rankings of malicious PDF files on popular search engines, including Google and Bing.

The top web referrer categories included some traditionally associated with malware, particularly shareware/freeware, but were dominated by less conventional categories. The increase in the use of search engines to spread malware over the past 12 months shows how SEO-savvy some attackers have become. The malware downloads referred by search engines were mostly malicious PDF files, including many malicious fake CAPTCHAs that redirected users to phishing, spam, scam and malware websites.

The report also revealed that most malware over the past 12 months was downloaded from the same region as its victim, an increasing trend that points to the growing sophistication of cybercriminals, who more frequently stage malware to avoid geofencing filters and other traditional prevention measures.

The results reveal that attackers tend to target victims located in a specific region with malware hosted in the same region. In most regions, the plurality of malware downloads originated from the same region as the victim. This is especially true for North America, where 84% of all malware downloads by victims in North America were downloaded from websites hosted in North America.

“Malware is no longer limited to traditional risky web categories. It now lurks everywhere, from cloud apps to search engines, leaving organizations more exposed than ever before,” said Ray Canzanese, director of threat research at Netskope. “To avoid falling victim to these social engineering techniques and targeted attack methods, security managers should regularly review their malware protection strategy and ensure that all entry points possible are taken into account.”

Key Additional Findings

  • Trojans continue to prove their effectiveness: Trojans account for 78% of all cloud and web malware downloads as attackers use social engineering techniques to gain a foothold and deliver a variety of next-stage payloads, including backdoors, information stealers and ransomware. No Trojan horse family is globally dominant. The top 10 Trojan families account for only 14% of all downloads, with the remaining 86% coming from less common families.
  • The cloud and the web are the perfect couple for an attacker: 47% of malware downloads come from cloud applications, compared to 53% from traditional websites, as attackers continue to use a combination of cloud and web to target their victims.
  • Popular cloud storage apps continue to be the source of most cloud malware downloads. Other major cloud application referrers include collaboration and webmail applications, where attackers can send messages directly to their victims in many different forms, including email, direct messages, comments, and document sharing.
  • Malicious Microsoft Office files decreased to pre-Emotet levels: EXE and DLL files account for nearly half of all malware downloads as attackers continue to target Microsoft Windows, while malicious Microsoft Office files are in decline and have returned to pre-Emotet levels. This is largely due to proactive warnings and security controls introduced last year by technology vendors such as Google and Microsoft.

