- Google Drive and Gmail are the most popular apps for malware downloads in the retail sector, diverging from the dominance of Microsoft OneDrive in other industries.
- Trojans are the primary attack mechanism, tricking retail users into downloading other malware payloads.
- WhatsApp more popular for downloads in retail sector than Sharepoint, posing serious risk of using personal messaging app as enterprise collaboration tool
Netskope Threat Labs has released a report warning the retail sector to be vigilant that, unlike other industries where Microsoft OneDrive is both the most popular app used and the most popular app for malware downloads, Google apps are the main conduit for malware in retail.
While OneDrive is the most popular app used in retail, Google Drive and Google Gmail took the top two spots for malware delivery in the sector. Trojans are the primary attack mechanism, tricking retail users into downloading other malware payloads. Many of the malware families aim to steal banking information, credentials, personal info and credit card information.
The popularity of WhatsApp is also well above the other sectors – on average, WhatsApp use in retail is three times more popular in retail than other verticals, ranking only behind OneDrive in terms of both uploads and downloads. This poses a serious risk not only because WhatsApp is a common delivery channel for malicious content such as malware or phishing pages, but also because these numbers suggest that the retail sector is using a personal instant messaging app as an enterprise collaboration tool, increasing the risk of data theft or data exposure – a WhatsApp message can be easily forwarded for example.
“Attackers abuse cloud apps to fly under the radar and evade traditional security controls that do not inspect cloud traffic,” advises Ray Canzanese, Director of Netskope Threat Labs. “As the holiday shopping season approaches, retail employees and consumers must both be extra vigilant, as phishing, credential theft, and malware activity related to retail tends to increase at the end of the year.”
While the frequency of cloud malware delivery in retail generally follows the pattern of other industries over the past 12 months, peak times – such as April, May and June this year – showed a comparatively high number of malware being delivered via cloud apps in retail. In April, for example, 70% of the malware delivered to retail were via cloud apps – 10% more than other industries.
The report finds that Google Drive, Google Gmail, and WhatsApp are among the top five most popular apps for downloads in retail – and all three are significantly more popular than they are in other industries:
- Google Drive is used by 34% of retail users vs 19% in other industries
- Gmail is used by 21% of retail users vs 13% in other industries
- WhatsApp is used by 17% of retail users vs 5.9% in other industries, making it more popular than Sharepoint
Netskope Threat Labs therefore recommends retail organizations take the following steps to review their security posture:
- Conduct thorough inspection of HTTP and HTTPS downloads to prevent malware infiltration.
- In-depth analysis of high-risk file types before download, leveraging advanced threat protection.
- Configure policies to block unnecessary app downloads and uploads, reducing the risk surface.
- Implement an Intrusion Prevention System (IPS) to identify and block malicious traffic patterns.
- Adopt Remote Browser Isolation (RBI) technology for enhanced protection during website visits.
