66% of malware linked to state-funded attacks

31 October 2024

New data released by Netskope Threat Labs has found that, over the past 12 months, 66% of the attributable malware targeted at its customers was linked to state-funded attack groups.

The largest share of malware attacks came from North Korean threat groups, with Chinese and Russian groups the second and third most prevalent. A growing number of attacks use cloud applications as a point of entry and exfiltration.

The research also reveals that the differing strategic objectives of North Korea, China and Russia drive very different approaches to cyberattacks, leading to their widely varying ‘market share’ in the threat landscape.

Currently, North Korea accounts for the largest share of malware attacks globally. Unlike Russia and China, North Korea’s campaigns are primarily financially motivated, leveraging cybercrime and cryptocurrency theft to fund military programmes. As a result, it targets non-specific population groups in its quest to maximise profits.

In contrast, Russia and China direct cyberattacks at their global adversaries’ critical infrastructure and other high-value targets to cause targeted but high-impact disruption and damage. Examples of such targets include NHS England and the Electoral Commission, both of which have recently been targeted in cyberattacks. This means that Russia and China’s share of overall malware attacks is smaller, but the national impact of their attacks has the potential to be more disruptive.

Recent research from Netskope Threat Labs has also found that approximately 50% of all global malware downloads now originate from popular cloud apps. The average global worker regularly interacts with 24 cloud apps each month, with Microsoft tools such as OneDrive (51%), SharePoint (28%) and Teams (22%) being highly favoured. The top cloud apps abused for malware download in the last 12 months are OneDrive (26%), GitHub (13%) and SharePoint (12%). Today’s data further proves that businesses will need to upgrade their security measures to cloud-native security systems to help prevent such malware attacks.