Telecom companies are being targeted by malicious actors at an alarming rate, according to a new report by Netskope Threat Labs. The report highlights a concerning trend of attackers exploiting popular cloud apps like Microsoft OneDrive and GitHub to deliver malware to unsuspecting victims in the telecoms industry. This follows a similarly unsettling trend uncovered by Netskope Threat Labs within the retail sector earlier this year.
The report reveals that while telecoms users interact with a similar number of cloud apps on average compared to other industries, they are more likely to upload and download large amounts of data through these apps. Microsoft OneDrive emerged as the most popular app for both uploading and downloading data, with a significant portion of users relying on it daily.
This heavy reliance on cloud apps creates a vulnerability that cybercriminals are actively exploiting. The report identified telecoms as the industry suffering the most from cloud-based malware attacks, a staggering 7% higher than any other sector. OneDrive and GitHub were found to be the top two sources of malware downloads, followed by Microsoft Outlook.
The report also details the specific types of malware targeting telecoms organisations. Remote access Trojans like Remcos, downloaders like Guloader, and information stealers like AgentTesla were identified as the most prevalent threats.
Paolo Passeri, Cyber Intelligence Principal at Netskope, said: “Users in the telecoms industry tend to interact with fewer cloud apps in comparison to other verticals, yet the percentage of malware delivered from the cloud is 7 points higher than the other sectors. This indicates that employees within the sector have a more open attitude to cloud services and this inevitably reflects in a wider exposure to threats. They are more familiar with online tools such as cloud apps and this figure shows that threat actors tend to exploit this familiarity.”
“This open attitude towards online services is also visible in the malware families that target telecoms users. In comparison to other verticals, there are many more malware families targeting this sector, with a wide range of threats spanning from IoT (the omnipresent Mirai) to downloaders (BanLoad and Guloader), banking trojans (Grandoreiro), infostealers (such as AgentTesla and Redline), and phishing bait PDF documents.”
“Interestingly, many of these threats are characterised by the exploitation of authentic and well-reputed cloud services throughout different stages of the attack chain: Guloader stores the encrypted payload on legitimate cloud services such as Microsoft OneDrive or Google Drive, Grandoreiro often abuses Microsoft Azure (but also AWS and Google) to deliver the final payload, and even phishing bait PDF documents are often hosted on legitimate cloud storage services to seem more realistic and legitimate.”
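The report's central finding, that OneDrive, GitHub and similar services are the top channels for malware delivery into telecoms organisations, and Passeri's remark that loaders such as Guloader stage payloads on OneDrive or Google Drive, both point to the same defensive control: watch for executable or archive content being fetched from otherwise trusted cloud hosts. The script below is an added illustration of that detection logic, not code from Netskope or from the report. It runs over a handful of constructed proxy log lines (timestamp, user, method, URL, status, content type, bytes) and flags successful GET requests to a hypothetical list of cloud-service hosts where either the response content type or the file extension suggests an executable or archive. The host list, content-type list and log format are assumptions chosen for the example.

```python
"""
Flag downloads of executable or archive content from legitimate cloud services
in web-proxy logs. Added example for illustration; the host list, risky
content types and log line format are assumptions, not Netskope's own logic.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts for the services the report names as top malware download sources
# (OneDrive, GitHub) plus Google Drive, mentioned as a Guloader staging site.
# Hypothetical mapping; a real deployment would use a maintained app catalogue.
CLOUD_HOSTS = {
    "onedrive.live.com": "Microsoft OneDrive",
    "1drv.ms": "Microsoft OneDrive",
    "github.com": "GitHub",
    "raw.githubusercontent.com": "GitHub",
    "objects.githubusercontent.com": "GitHub",
    "drive.google.com": "Google Drive",
}

# Content types and extensions that warrant a closer look when served from
# file-sharing hosts rather than a software distribution channel.
RISKY_TYPES = {
    "application/x-msdownload", "application/x-dosexec",
    "application/octet-stream", "application/zip",
    "application/x-rar-compressed", "application/x-7z-compressed",
    "application/vnd.microsoft.portable-executable",
}
RISKY_EXT = re.compile(r"\.(exe|dll|scr|js|vbs|hta|iso|img|zip|rar|7z|lnk)$", re.I)

# Constructed log format: ts user method url status content-type bytes
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>GET|POST) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<ctype>\S+) (?P<bytes>\d+)$"
)


@dataclass
class Finding:
    ts: str
    user: str
    app: str
    url: str
    reason: str


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(rec):
    """Return a Finding for a completed download of risky content from a cloud host."""
    if rec["method"] != "GET" or rec["status"] != "200":
        return None  # only completed downloads matter; redirects are skipped
    parsed = urlparse(rec["url"])
    app = CLOUD_HOSTS.get((parsed.hostname or "").lower())
    if app is None:
        return None  # not one of the cloud services we are watching
    ctype = rec["ctype"].split(";")[0].lower()
    reasons = []
    if ctype in RISKY_TYPES:
        reasons.append(f"content-type {ctype}")
    if RISKY_EXT.search(parsed.path):
        reasons.append(f"extension {parsed.path.rsplit('.', 1)[-1].lower()}")
    if not reasons:
        return None
    return Finding(rec["ts"], rec["user"], app, rec["url"], "; ".join(reasons))


def scan(lines):
    """Run the detection over an iterable of log lines and collect findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            f = assess(rec)
            if f is not None:
                findings.append(f)
    return findings


# Constructed sample log: three downloads that should be flagged, three that
# should not (HTML page view, non-cloud host, and a 302 redirect).
SAMPLE_LOG = """
2024-06-03T09:14:02Z alice GET https://onedrive.live.com/download?cid=ABC&resid=123 200 application/x-msdownload 548320
2024-06-03T09:15:10Z bob GET https://raw.githubusercontent.com/example-org/tools/main/update.exe 200 application/octet-stream 219004
2024-06-03T09:16:44Z carol GET https://onedrive.live.com/view.aspx?resid=456 200 text/html 10492
2024-06-03T09:17:30Z dave GET https://drive.google.com/uc?export=download&id=XYZ 200 application/zip 81233
2024-06-03T09:18:01Z erin GET https://example.com/installer.exe 200 application/x-msdownload 99000
2024-06-03T09:19:22Z frank GET https://github.com/example-org/app/releases/download/v1.0/app.zip 302 text/html 0
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.ts} {f.user} downloaded from {f.app}: {f.url} ({f.reason})")
```

Two design points matter in practice. Matching on the response content type as well as the URL extension catches the common case where a OneDrive or Google Drive download link carries no file name at all, and restricting to `200` responses avoids double-counting the redirect hop that GitHub release links and OneDrive share links go through. A finding here is a triage signal, not a verdict: a legitimate engineering team may well pull binaries from GitHub, so the alert should be joined with user, device and file-hash context before anyone acts on it.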