Attackers Increasingly Targeting Cloud Apps to Deliver Malware in Healthcare

April 06, 2023 - Threat actors are increasingly abusing cloud apps to deliver malware in healthcare settings, Netskope revealed in its latest Threat Labs Report. Cloud-delivered malware increased from 38 percent to 42 percent in the past 12 months, researchers found.

“Attackers attempt to fly under the radar by delivering malicious content via popular cloud apps,” the report stated. “Abusing cloud apps for malware delivery enables attackers to evade security controls that rely primarily on domain block lists and URL filtering, or that do not inspect cloud traffic.”

Microsoft OneDrive was the most popular cloud app to be abused for malware purposes. This could be explained by the fact that Microsoft OneDrive is also the most popular app among enterprise users in healthcare, according to Netskope’s findings.

Its popularity makes it “both a prime target for attackers seeking to target a wide variety of organizations using the same toolset and also makes it more likely that the malicious payloads would reach their targets,” the report noted.

Weebly and Box followed Microsoft OneDrive as popular malware abuse targets.

Trojans were the most common malware type detected in healthcare by Netskope in the last 12 months.
Attackers leverage trojans to gain an initial foothold and deliver other malware types, such as remote access trojans, backdoors, and infostealers. Downloaders were the second most common type of malware in healthcare, which can similarly be used to deliver other types of malware.

“The third place are file-based exploits, which includes documents used to exploit many known vulnerabilities, including CVE-2022-30190 (a.k.a. Follina) and other vulnerabilities that exploit unpatched versions of Adobe Acrobat and Reader and Microsoft Office,” the report continued.

Cloud adoption is increasing across the healthcare sector, enabling greater efficiency and security benefits. However, cloud-based cyber threats cannot be ignored. In fact, cloud security risk management settled into the number 5 spot on ECRI’s list of “Top 10 Health Technology Hazards for 2023.”

ECRI acknowledged the benefits of cloud adoption, but pointed out that successful adoption requires careful consideration of the cloud’s accompanying security risks.

“To protect itself against a consequential security event, a healthcare delivery organization should evaluate how a cloud provider safeguards both the functionality of its system and the confidentiality and availability of patient data,” ECRI recommended.

“In addition, the organization should implement appropriate internal security controls to reduce the risks.”

To further mitigate cloud risk, Netskope recommended that healthcare organizations inspect all HTTP and HTTPS downloads, configure policies to block downloads from apps that are not used within your organization, and inspect high-risk file types before downloading.