Netskope Threat Labs has published its latest research report, focused on cloud app threats in the manufacturing sector, highlighting an increase in AI usage within corporate environments, and an increasing diversity in the methodologies of attackers targeting the sector.
Compared with the 2023 manufacturing report, the popularity of Microsoft OneDrive in the manufacturing sector grew from 43% to 58% in 2024; however, its share of malware distribution decreased from 34% to 22%. While the top three cloud applications for malware downloads remained the same, the malicious exploitation of GitHub doubled in 2024 compared to 2023.
Further key findings include:
Cloud app adoption:
Enterprise users in manufacturing regularly interact with an average of 24 cloud apps each month, with OneDrive leading in popularity. With a global increase in AI usage in corporate environments, Microsoft Copilot is now in the manufacturing top 10 apps. The manufacturing industry uses a significant number of apps which serve both personal and corporate purposes (such as Google Drive), underscoring the importance of having identity-based policies to ensure the safe handling of sensitive data between environments.
Cloud apps abused for malware delivery:
Approximately one-half of all global HTTP/HTTPS malware downloads originate from popular cloud apps, with the other half originating from different locations on the web. The most popular apps around the world are also among the top apps in terms of the number of malware downloads, reflecting adversary tactics, user behaviour, and organizational policy. In manufacturing, OneDrive is the top app being abused for malware delivery (22%), with twice as much abuse as the second- and third-placed SharePoint (10%) and GitHub (10%) combined.
Top malware families:
The top five malware and ransomware families targeting users in manufacturing in the last 12 months are Downloader.Guloader, Infostealer.AgentTesla, Phishing.PhishingX, Trojan.Grandoreiro, and Trojan.RaspberryRobin.
Speaking on the findings, Paolo Passeri, Cyber Intelligence Principal at Netskope, said: “What really caught my eye in this report is the fact that threat actors are diversifying the kind of payload they are delivering to organizations in manufacturing. Rather than focusing on specific categories of malware, they prefer to deliver flexible downloaders or remote access tools (GuLoader, AgentTesla and RaspberryRobin), which can then distribute multiple kinds of payloads depending on the attackers’ objectives.
“With today’s sophisticated attack methodologies, malware can be delivered in various forms – whether it be a PDF file, banking Trojan, or infostealers – making them so hard for users to detect. Businesses will need to implement strict policies that ensure the safe handling of sensitive data and regularly monitor cloud traffic for malicious behaviour.”
Netskope Threat Labs recommends organizations in the manufacturing sector review their security posture to ensure that they are adequately protected against these trends:
Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to downloads from all categories and applies to all file types.
Ensure that high-risk file types like executables and archives are thoroughly inspected using a combination of static and dynamic analysis before being downloaded. Netskope Advanced Threat Protection customers can use a Patient Zero Prevention Policy to hold downloads until they have been fully inspected.
Configure policies to block downloads from apps and instances that are not used in your organization to reduce your risk surface to only those apps and instances that are necessary for the business.
Configure policies to block uploads to apps and instances that are not used in your organization to reduce the risk of accidental or deliberate data exposure from insiders or abuse by attackers.
Use an Intrusion Prevention System (IPS) that can identify and block malicious traffic patterns, such as command and control traffic associated with popular malware. Blocking this type of communication can prevent further damage by limiting the attacker’s ability to perform additional actions.
Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present higher risk, like newly observed and newly registered domains.
The report is based on anonymised usage data collected by the Netskope Security Cloud platform relating to a subset of Netskope customers with prior authorisation.
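The download, upload, high-risk file type and high-risk category controls recommended above, expressed as a small policy evaluator over proxy log lines. This is an added example written for this page, not Netskope's policy engine, product code or configuration format; the sanctioned app/instance table, the file-type and category lists, the key=value log format and every log line are constructed for illustration. The instance check is what separates a corporate OneDrive tenant from a personal one, which is the identity-based distinction the report calls for.

```python
"""Toy policy evaluator for the cloud-app controls recommended in the report.

Added example, not Netskope code. The sanctioned-instance table, file-type
and category lists, log format and log lines are all constructed.
"""
import re
from dataclasses import dataclass

# Constructed: app/instance pairs the organisation has sanctioned. The
# instance distinguishes the corporate tenant from a personal account.
SANCTIONED_INSTANCES = {
    ("OneDrive", "corp-tenant.example"),
    ("SharePoint", "corp-tenant.example"),
    ("GitHub", "example-org"),
}
# Cloud apps subject to the instance check; anything else is plain web traffic.
CLOUD_APPS = {"OneDrive", "SharePoint", "GitHub", "Google Drive"}
# Constructed: file types held for static and dynamic analysis before release.
HIGH_RISK_EXTENSIONS = {"exe", "dll", "msi", "scr", "js", "vbs", "zip", "rar", "7z", "iso"}
# Constructed: web categories that are rendered in remote browser isolation.
RBI_CATEGORIES = {"newly-registered-domain", "newly-observed-domain"}


@dataclass
class Event:
    user: str
    app: str
    instance: str
    action: str      # download | upload | browse
    filename: str
    category: str


LOG_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Event:
    """Parse one key=value proxy log line (constructed format) into an Event."""
    fields = dict(LOG_FIELD.findall(line))
    return Event(
        user=fields["user"],
        app=fields["app"].replace("_", " "),     # "Google_Drive" -> "Google Drive"
        instance=fields.get("instance", "-"),
        action=fields["action"],
        filename=fields.get("file", "-"),
        category=fields.get("category", "uncategorised"),
    )


def file_extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def decide(ev: Event) -> tuple:
    """Apply the recommendations in order; the first matching rule wins.

    Returns (decision, reason) where decision is one of
    block | isolate | hold | inspect | allow.
    """
    unsanctioned = ev.app in CLOUD_APPS and (ev.app, ev.instance) not in SANCTIONED_INSTANCES
    if ev.action == "download" and unsanctioned:
        return "block", f"download from unsanctioned instance {ev.app}/{ev.instance}"
    if ev.action == "upload" and unsanctioned:
        return "block", f"upload to unsanctioned instance {ev.app}/{ev.instance} (data exposure)"
    if ev.action == "browse" and ev.category in RBI_CATEGORIES:
        return "isolate", f"category {ev.category} rendered in remote browser isolation"
    if ev.action == "download" and file_extension(ev.filename) in HIGH_RISK_EXTENSIONS:
        return "hold", f"{ev.filename} held until static and dynamic analysis complete"
    if ev.action == "download":
        return "inspect", f"{ev.filename} passed through inline threat inspection"
    return "allow", "no download or upload control applies"


# Constructed proxy log lines covering each rule above.
SAMPLE_LOG = """\
ts=2024-09-11T08:01:02Z user=alice app=OneDrive instance=corp-tenant.example action=download file=invoice.pdf category=cloud-storage
ts=2024-09-11T08:03:10Z user=bob app=OneDrive instance=personal-live.example action=download file=setup.exe category=cloud-storage
ts=2024-09-11T08:05:44Z user=carol app=GitHub instance=example-org action=download file=tool.zip category=cloud-storage
ts=2024-09-11T08:07:19Z user=dave app=Google_Drive instance=personal.example action=upload file=customer_list.xlsx category=cloud-storage
ts=2024-09-11T08:09:00Z user=erin app=web instance=- action=browse file=- category=newly-registered-domain
ts=2024-09-11T08:11:37Z user=frank app=web instance=- action=download file=update.msi category=uncategorised
""".splitlines()


def evaluate(lines):
    """Return [(user, decision)] for each log line, in order."""
    return [(ev.user, decide(ev)[0]) for ev in map(parse_event, lines)]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        ev = parse_event(line)
        decision, reason = decide(ev)
        print(f"{ev.user:<6} {decision:<8} {reason}")
```

Rule order matters: the instance checks run before the file-type check, so a personal-tenant download is refused outright rather than queued for sandboxing, and every remaining download is at least inspected inline.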
Source: Manufacturing & Logistics IT Magazine, https://www.logisticsit.com/articles/2024/09/11/netskope-threat-labs-manufacturing-use-of-ai-apps-grows,-as-attackers-diversify-attack-methodology-used-on-the-sector