Telecom sector faces 7% higher risk of cloud-sourced malware, report

The telecom sector is the biggest victim of cloud-sourced malware, with a 7% margin compared to other industries, according to a report published by secure access service edge company Netskope. The report revealed an increasing trend of attackers targeting popular enterprise apps to deliver malware to victims in the telecom industry.

This rising trend is against a backdrop of continued increase in cloud app adoption in the sector, where users engage strongly with a small selection of popular apps, including Microsoft, the report showed.

Users in the telecom industry upload and download files to cloud apps at a similar rate to other industries, but tend to interact with fewer cloud apps on average. The average user in telcos interacts with 24 cloud apps per month, with a strong preference for Microsoft apps. Microsoft OneDrive, Teams and Outlook are the industry’s top three most popular apps.

Microsoft OneDrive is also the most popular app for uploading data, with 30% of telecom industry users uploading data to OneDrive daily, 50% more than the average across all industries. Similarly, Microsoft OneDrive is the most popular app for downloads in the telecom industry, with 35% of users downloading from it.

The percentage of malware downloads from telco industry users fell in line with the global trend, bottoming out in the second half of 2023 and beginning to increase again in early 2024. Telecom organisations were the biggest victims of cloud-sourced malware, compared to other industries.

Microsoft OneDrive and GitHub had the most malware downloads, followed by Outlook. The other apps in the top 10 were similar to those in other industries with only minor differences, including more malware downloads from SourceForce, an open-source software development website and Google Cloud Storage.

Among the most prevalent malware families targeting organisations in the telecom industry were the remote access Trojan Remcos, the downloader Guloader and the infostealer AgentTesla.

“Users in the telecoms industry tend to interact with fewer cloud apps in comparison to other verticals, yet the percentage of malware delivered from the cloud is 7 points higher than the other sectors. This indicates that employees within the sector have a more open attitude to cloud services and this inevitably reflects in a wider exposure to threats,” said Paolo Passeri, cyber intelligence principal at Netskope said.

“In comparison to other verticals, there are many more malware families targeting this sector, with a wide range of threats spanning from IoT (the omnipresent Mirai) to downloaders (BanLoad and Guloader), banking trojans (Grandoreiro), infostealers (such as AgentTesla and Redline) and phishing bait PDF documents,” added Passeri. NDTV Profit