TechRepublic reports that cloud apps have become the most prevalently clicked lure for spreading malware through spearphishing campaigns during the first three quarters of 2023, followed by e-commerce sites and government organizations.
Most cloud app-targeted phishing operations have been aimed at Microsoft offerings, followed by Adobe and Google products, a report from Netskope revealed.
Malicious documents used in phishing attacks mostly involved PDF files, and cloud storage apps, particularly Microsoft OneDrive, have been used more in malware hosting than web storage between January and September, while malware communications have been mostly facilitated through the HTTP and HTTPS protocols.
Malware attacks during the same period were dominated by Wizard Spider, also known as Grim Spider, UNC1878, and TEMP.MixMaster, and while most financially motivated intrusions were from Russia and Ukraine, China emerged as the greatest geopolitical threat.
Moreover, North America and Australia were impacted by most malware attacks, while most geopolitical attacks were aimed at the financial services and healthcare sectors.
SecurityWeek reports that threat actors could leverage critical vulnerabilities impacting open-source file-sharing software ownCloud to facilitate sensitive data exposure and authentication and validation compromise.