Researchers at Netspoke have found that cloud applications provide ransomware with a means to spread encryption to secondary users without ever downloading the malware again.

Netspoke’s February 2016 Worldwide Cloud Report identifies a handful of instances where ransomware encrypted a user’s device files and copies of those files saved to the sync folder of a commonly used cloud storage app. Consequently, the secondary user who automatically synced to the same folder had their device files encrypted as well.

It seems that the cloud is being used to propagate ransomware. Since today’s cloud apps make it easy for users to share & sync their files, malware can easily travel much more rapidly than traditional malware, creating an attack ‘fan out’ effect. This issue is further intensified by employees’ use of cloud-based applications that company’s IT departments do not officially approve of.

Based on Netskope’s research, 4.1 percent of enterprises IT environments had sanctioned cloud apps that were laced with malware between October 1 and December 31, 2015. The report also found that enterprises have an average of 917 cloud apps in use, with the majority of these apps being unsanctioned. This is a 21 percent increase from last quarter's report, measuring in at 755 apps in use. 94 percent of those apps were found not to be not enterprise ready.

This ‘Fan out’ effect can be attributed to the clouds never ending connection points. With all the cloud’s connected endpoints, malware has been seen spreading exponentially in just a short period of time. This fan-out effect takes advantage of the clouds most valuable capability- ease of use to sync, share and collaborate content.  

The top cloud activities vary based on industry type. In Cloud Sharing Apps, sharing, viewing & downloading were the most common activities, respectively. With 6 shares per login and 2 downloads per upload, it’s important for companies to enforce data security policies and standards.

In HR Apps, uploading, downloading and viewing were the most common activities, respectively. As downloading remains the second most common activity, it’s important to audit these and other surround activities to ensure only privileged users are performing these activities.  

For Business Intelligence Apps, sharing, viewing, and uploading are the most common activities, with two shares for every upload. The top activities for Finance Apps were editing, creating and viewing. As these new apps are required to abide by the SOX Compliance standards, they must be monitored for whose logging in and trying to log in. In addition, these apps need to be monitored for potential or improper data modification as well as govern and audit these activities accordingly.

Based on this report’s findings, it is safe to say that IT leaders need to monitor for & remediate any trace of malware, step up their compliance initiatives in the cloud, and ensure proper administrative privileges, access controls, activity governance, and data security.

With NNT's Change Tracker Gen7, your organization will come equipped with intelligent file integrity monitoring, compliance management, system hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible. 



Read this article on SC Magazine



The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2023, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.