Netskope warned in a new report that cloud transformation among enterprises presents a growing opportunity for threat actors to bring their phishing techniques to an emerging new channel: fake third-party cloud applications, according to SDxCentral.
According to Netskope's latest Cloud and Threat Report, eight of 1,000 end-users on average tried to access phishing content or clicked on a phishing link during the third quarter of 2022, and personal websites and blogs are now the source of 36% of phishing alerts, surpassing webmail services such as Gmail, Yahoo Mail and Microsoft Live, which now account for 11% of alerts. This reflect an effort by cybercriminals to seek new, unexpected avenues for attacks, analysts said.
Netskope Threat Labs says the use of fake cloud apps is still an early trend, but expressed concern about the large attack surface it poses to the public. The report noted that more than 440 third-party applications on average are granted access to organizations and end-users Google applications and data, while more than 44% of all third-party applications with access to Google Drive are able to access either a users' sensitive data or all of their data on Google Drive.