Researchers at Netskope have found that cloud applications give ransomware a means to spread encryption to secondary users without the malware ever being downloaded again.
Netskope’s February 2016 Worldwide Cloud Report identifies a handful of instances where ransomware encrypted a user’s device files as well as the copies of those files saved to the sync folder of a commonly used cloud storage app. Consequently, a secondary user who automatically synced to the same folder had their device files encrypted as well.
It seems that the cloud is being used to propagate ransomware. Since today’s cloud apps make it easy for users to share & sync their files, malware can spread through them much more rapidly than traditional malware, creating an attack ‘fan-out’ effect. This issue is further intensified by employees’ use of cloud-based applications that their company’s IT department does not officially approve of.
Based on Netskope’s research, 4.1 percent of enterprise IT environments had sanctioned cloud apps that were laced with malware between October 1 and December 31, 2015. The report also found that enterprises have an average of 917 cloud apps in use, with the majority of these apps being unsanctioned. This is a 21 percent increase over last quarter's report, which measured 755 apps in use. 94 percent of those apps were found not to be enterprise ready.
This ‘fan-out’ effect can be attributed to the cloud’s never-ending connection points. With all of the cloud’s connected endpoints, malware has been seen spreading exponentially in just a short period of time. The fan-out effect takes advantage of the cloud’s most valuable capability: the ease with which users can sync, share and collaborate on content.
The top cloud activities vary based on industry type. In Cloud Sharing Apps, sharing, viewing & downloading were the most common activities, respectively. With 6 shares per login and 2 downloads per upload, it’s important for companies to enforce data security policies and standards.
In HR Apps, uploading, downloading and viewing were the most common activities, respectively. As downloading remains the second most common activity, it’s important to audit these and other surrounding activities to ensure only privileged users are performing them.
For Business Intelligence Apps, sharing, viewing, and uploading are the most common activities, with two shares for every upload. The top activities for Finance Apps were editing, creating and viewing. As these new apps are required to abide by the SOX Compliance standards, they must be monitored for who is logging in and who is trying to log in. In addition, these apps need to be monitored for potential or improper data modification, and these activities need to be governed and audited accordingly.
Based on this report’s findings, it is safe to say that IT leaders need to monitor for & remediate any trace of malware, step up their compliance initiatives in the cloud, and ensure proper administrative privileges, access controls, activity governance, and data security.
With NNT's Change Tracker Gen7, your organization will come equipped with intelligent file integrity monitoring, compliance management, system hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible.
Read this article on SC Magazine