Popularity of Cloud Storage Apps Invites Abuse

Hanna Mathai

By Yaroslav Rosomakho, Field CTO EMEA, Netskope

5 min to read
Popularity of Cloud Storage Apps Invites Abuse

Netskope’s Cloud & Threat Report for the Middle East reveals some super interesting similarities and differences when compared against the global trends. The top three Cloud Storage apps in the region are the same as the top three apps globally, as per our Cloud and Threat Report, January 2022, with Microsoft OneDrive leading the pack in terms of usage and increasing its market share.

Top Cloud Storage Apps


It is surprising that WeTransfer occupies the 5th place, as it is typically an unsanctioned application. It raises questions about the volume of Shadow IT in the region.

The Dataset

Hundreds of organizations with tens of thousands of users operating in the Middle East region. Compared with Netskope’s global Cloud & Threat report January 2022, assessing thousands of global organizations and millions of users across the world.

Top Apps for Malware Downloads


SharePoint and OneDrive combined account for more than a half of malware downloads from a cloud app, a concerning data point for Office 365 users.

The absence of Google Drive is notable here. It occupies the first place of the global report with 37% of malware apps but accounted for less than 3% in the Middle East region. It is predominantly in the Microsoft suite where threats are putting Middle Eastern businesses at risk in the cloud.

While SharePoint and OneDrive are normally a part of the corporate business suite, they can also be used privately, therefore establishing visibility into Office 365 instances is paramount.

It is very common for malware to be distributed through regular business applications. Long gone are the days when organizations could simply block or allow an application: today a more surgical approach is required to enable the workforce to use all possible tools in a secure way.

Top App Categories for Malware Downloads


As organizations rapidly rolled out Microsoft Teams, Zoom and other collaboration tools to support continued remote and hybrid working in 2020, attackers were clearly not far behind, as seen both in the Middle East and globally as collaboration tools now form the most exploited app categories of 2021, rising from 5% of threats, to almost 40% and overtaking threats from cloud storage.

Top Apps for Malicious Office Doc Downloads


The list of top apps of 2021 is another datapoint that speaks about the popularity of Microsoft services in the region.

Out of five apps on the 2021 list four can be used in private subscriptions and three (Box, Gmail, Live Outlook) are common collaboration tools for Internet users, which again speaks to the need to differentiate between multiple instances of the same application.

Due to the prevalence of the Microsoft suite in the Middle Eastern region, the trend of attackers abusing Microsoft Office document formats to deliver malware is particularly of concern. In Q2 2020, Netskope Labs saw a sudden spike in malicious Office documents driven primarily by Emotet, who launched a large-scale and highly effective malspam campaign that delivered malicious Office documents using popular cloud apps. Since the ‘fall of Emotet’, copycat groups have continued to abuse Office documents to deliver malware and the quantity of malicious documents remains high above pre-Emotet levels.

Why do cloud storage apps appear in so many top five lists in this report, for malware downloads, for malicious Office document downloads, and for apps used by insiders to take data when they leave? And why do so many of the same apps appear in each of those lists?

Cloud storage apps are very popular among all users. 79% of people used at least one Cloud storage app, up from 71% of all users in 2020.

This increases exposure in three ways:
  • Attackers go where the market is
  • A false sense of security
  • Staff instability and data theft

The top trends in 2021 in the Middle East were an increase in cloud-delivered malware especially affecting cloud collaboration, an escalating theme of Office documents being abused to deliver malware and insiders using personal cloud app instances to take data when they leave their jobs.

To mitigate the risks these trends pose, Netskope recommends organizations implement the following controls:

  1. SSO/MFA for both managed and unmanaged apps, including adaptive policy controls invoking step-up auth based on user, device, app, data, and activity.
  2. Multi-layered, inline threat protection for all cloud and web traffic to block malware from making it to endpoints, plus blocking outbound malware communications.
  3. Granular policy controls for data protection including data movement to and from apps, between company and personal instances, shadow IT, users, websites, devices, and locations.
  4. Cloud data protection for sensitive data from internal and external threats across web, email, SaaS, shadow IT, and public cloud services, and security posture management for SaaS and IaaS.
  5. Behavioral analysis to detect insider threats, data exfiltration, compromised devices, and compromised credentials

As the leader in Gartner Magic Quadrant on SSE, Netskope takes a data-centric approach to cloud security, following data everywhere it goes. From data created and exposed in the cloud to data going to unmanaged cloud apps and personal devices, Netskope protects data and users everywhere.

Netskope a Leader in the 2022 Gartner Magic Quadrant™ for Security Service Edge Report

SSE is a term defined by Gartner referring to the evolving security stack needed to successfully achieve a SASE convergence, including technology capabilities such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Firewall-as-a-Service, and Zero Trust Network Access (ZTNA) that are core requirements for that stack.

Gartner has named Netskope a Leader in the inaugural Magic Quadrant for Security Service Edge (SSE). SSE is a set of security services that enable a successful SASE architecture, securing people and data in the cloud without degrading user experience. In the new report, you’ll gain insights into why Netskope are positioned in the Leaders Quadrant. We think it comes down to a few key advantages.

With Netskope Intelligent Security Service Edge, you can:

  • Reduce risk
  • Accelerate performance
  • Provide granular visibility to any cloud, web, and private application activity

SSE is the convergence of security capabilities into a single cloud-centric platform.

Netskope Intelligent Security Service Edge (SSE) is fast, easy to use, and secures your transactions wherever your people and data go. Be ready for anything on your SASE journey with Netskope’s SSE solution.

Share this article

Upcoming event

Black Hat MEA 2024

  • KSA
  • Riyadh