It's time to wake up to the cloud malware threat

It's only a matter of time before criminals exploit our over-reliance on SaaS

Cloud-based malware is a real and present danger - and it can spread through an organisation like wildfire. But it is not always on the radar of security teams, and without strong protocols in place, there are many possible routes to infection. It's time for those organisations which don't have strong protection against cloud-based malware to wake up to the dangers, and protect themselves.

The same but different

Cloud-based malware is in many ways no different to more 'traditional' types which might break in through routes like an infected file drawn off a USB stick, or a compromised web page. It can have similar payloads: ransomware, industrial espionage, and so on. But the cloud offers two important distribution advantages: there are many more routes to infection, and cloud allows malware to spread with alarming rapidity.

Alex Hinchliffe, threat intelligence analyst at Unit 42, told Cloud Pro that cloud-based malware spreads in rather familiar ways to physical infections.

"Adversaries who may have compromised systems in the cloud may attempt to move laterally to other hosts in the cloud, using typical methods as they go, such as gaining credentials through key-logging, brute-forcing, or even additional spear-phishing attacks on employees or using password-stealing tools on infected systems," says Hinchliffe.

The lure of cloud-based services

Thanks to the growth and development of software-as-a-service (SaaS), we are becoming more and more reliant on the cloud for the majority of our everyday computing needs.

We can share information with other people easily, no matter where they are. We can whiteboard ideas, have group conversations in virtual space, create, edit and amend content of all kinds, manage projects and teams, and so on.

SaaS allows IT teams to offer a range of capabilities they might struggle to deliver through in-house tech, and to access new services and new ways of working much more quickly than they could through in-house implementation. It helps them improve efficiency and productivity, and to punch above their weight.


Many of us have settled into a mindset where cloud apps are the norm. It isn't a big leap from there to step outside the services sanctioned by the IT team and strike out alone, setting up accounts with web-based services that will help with a particular project. It is highly possible that the IT team only knows about a fraction of the cloud services in use at any one time.

The problem for the IT team is policing all the cloud services used to help keep internal systems safe. All it takes is a single malicious file, shared through a service that operates in your IT department's blind spot, to bring down a network.

When strengths become weaknesses

We shouldn't be under any illusions about the danger of cloud-based malware. New research from Bitglass scanned tens of millions of files and found on average one in three corporate instances of SaaS apps contained malware.

Of the four major SaaS applications (OneDrive, Google Drive, Box, and Dropbox), Microsoft OneDrive had the highest rate of infection at 55%. Google Drive came in at 43%, while Dropbox and Box were at 33% each.

New research from Palo Alto Networks also found that 68% of cybersecurity professionals working in large organisations in the UK say the rush to the cloud is not taking full account of the security risks. Just 15% of UK security professionals said they were able to maintain consistent, enterprise-class cyber security across their cloud networks and endpoints, according to the research.

Taking control of the situation

Arguably the most appropriate strategy for getting ahead of the threat of cloud-based malware is to have effective endpoint solutions, i.e. to use trusted third-party solutions that will monitor laptop and desktop computers, tablets and phones.

This can be more complex than it seems. We've already noted that there will likely be many more cloud apps in play than the IT team is aware of, and the endpoint solution will need to keep an eye on all file uploads and downloads.

Of course, that's on top of the burden of monitoring every piece of kit used by employees. This will need to include those provided by the organisation, sanctioned BYOD devices, and, inevitably, BYOD devices that are not sanctioned.

There also needs to be an effective backstop layer of protection that will come into play when an infection gets through so that it doesn't spread into the organisation's own cloud applications.

Strong protection is the only way to defend against infection. And this is becoming more and more necessary. While the immediate threat of WannaCry may have passed, the 300,000 computer systems infected around the world, including those within the NHS, speak volumes to the potential damage a similar outbreak could wreak.

This should be especially concerning given the NHS' recent commitment to moving its systems to a cloud-based model, and reports that its systems have yet to reach a standard capable of warding off a similar attack in the future.


The threat from ransomware isn't going away anytime soon, and that, along with industrial espionage and other exploits, needs to be paid serious attention.
