Researchers at Netskope have found that cloud applications give ransomware a means to spread encryption to secondary users without the malware ever being downloaded again.

Netskope’s February 2016 Worldwide Cloud Report identifies a handful of instances where ransomware encrypted a user’s device files and the copies of those files saved to the sync folder of a commonly used cloud storage app. Consequently, a secondary user who automatically synced to the same folder had their device files encrypted as well.

It seems that the cloud is being used to propagate ransomware. Because today’s cloud apps make it easy for users to share and sync their files, malware can travel much more rapidly than traditional malware, creating an attack ‘fan-out’ effect. The issue is further intensified by employees’ use of cloud-based applications that their company’s IT department does not officially approve of.

Based on Netskope’s research, 4.1 percent of enterprise IT environments had sanctioned cloud apps that were laced with malware between October 1 and December 31, 2015. The report also found that enterprises have an average of 917 cloud apps in use, with the majority of these apps being unsanctioned. This is a 21 percent increase from last quarter’s report, which measured 755 apps in use. 94 percent of those apps were found not to be enterprise ready.

This ‘fan-out’ effect can be attributed to the cloud’s never-ending connection points. With all of the cloud’s connected endpoints, malware has been seen spreading exponentially in a short period of time. The fan-out effect takes advantage of the cloud’s most valuable capability: the ease with which users can sync, share and collaborate on content.
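The following is an added example, not part of the original article or the Netskope report: a minimal detector that flags a device changing many files in a shared sync folder within a short window and lists the other devices that auto-sync that folder, which is the fan-out exposure described above. The log format, device names, folder mapping and thresholds are all constructed assumptions, not any vendor's real schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log: "<timestamp> <device> <shared folder> <file> <action>".
SAMPLE_EVENTS = "\n".join(
    ["2016-02-01T08:30:00 laptop-b /Shared/Finance notes.txt modify"]
    # Burst: one device rewrites eight files in the shared folder in 14 seconds.
    + [f"2016-02-01T09:00:{s:02d} laptop-a /Shared/Finance report{s}.xlsx modify"
       for s in range(0, 16, 2)]
    + ["2016-02-01T09:45:00 laptop-b /Shared/Finance notes.txt modify",
       "2016-02-01T09:50:00 desktop-c /Shared/Finance budget.xlsx download"]
)

# Constructed mapping: which devices automatically sync each shared folder.
SUBSCRIBERS = {"/Shared/Finance": {"laptop-a", "laptop-b", "desktop-c"}}

WRITE_ACTIONS = {"modify", "rename", "delete"}


def find_fanout_risks(log_text, subscribers, max_changes=5,
                      window=timedelta(seconds=60)):
    """Return {(device, folder): alert} for devices that make more than
    max_changes write-type changes to one shared folder within window."""
    recent = defaultdict(deque)  # (device, folder) -> timestamps inside the window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, device, folder, _name, action = line.split()
        if action not in WRITE_ACTIONS:
            continue  # views and downloads do not alter the synced copies
        ts = datetime.fromisoformat(ts_text)
        times = recent[(device, folder)]
        times.append(ts)
        while ts - times[0] > window:  # drop changes older than the window
            times.popleft()
        if len(times) > max_changes and (device, folder) not in alerts:
            alerts[(device, folder)] = {
                "burst_start": times[0],
                "tripped_at": ts,
                # Devices that would receive the changed files on their next sync.
                "exposed": sorted(subscribers.get(folder, set()) - {device}),
            }
    return alerts


if __name__ == "__main__":
    for key, alert in find_fanout_risks(SAMPLE_EVENTS, SUBSCRIBERS).items():
        print(key, alert)
```

An alert like this is the point at which a defender would pause syncing for the flagged device and review the folder's version history before the changes reach the exposed devices.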

The top cloud activities vary based on industry type. In Cloud Sharing Apps, sharing, viewing and downloading were the most common activities, respectively. With 6 shares per login and 2 downloads per upload, it’s important for companies to enforce data security policies and standards.

In HR Apps, uploading, downloading and viewing were the most common activities, respectively. As downloading remains the second most common activity, it’s important to audit these and other surrounding activities to ensure that only privileged users are performing them.

For Business Intelligence Apps, sharing, viewing, and uploading are the most common activities, with two shares for every upload. The top activities for Finance Apps were editing, creating and viewing. As these new apps are required to abide by the SOX Compliance standards, they must be monitored for who’s logging in and trying to log in. In addition, these apps need to be monitored for potential or improper data modification, and these activities need to be governed and audited accordingly.

Based on this report’s findings, it is safe to say that IT leaders need to monitor for and remediate any trace of malware, step up their compliance initiatives in the cloud, and ensure proper administrative privileges, access controls, activity governance, and data security.

With NNT's Change Tracker Gen7, your organization will come equipped with intelligent file integrity monitoring, compliance management, system hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible. 



Read this article on SC Magazine


