
Cloud malware leads to high-speed impact

During the CSA Summit at RSA Conference 2016, Netskope warned how cloud synchronization services can spread malware infection throughout an enterprise.

SAN FRANCISCO -- While cloud apps themselves are rarely breached or directly infected with malware, Netskope says they've proven to be a major asset to threat actors looking to spread malicious attacks to as many users and organizations as possible.

Krishna Narayanaswamy, chief scientist at cloud access security broker Netskope, discussed those cloud malware threats during his keynote presentation at the Cloud Security Alliance Summit during Monday's pre-event activities at RSA Conference 2016. Narayanaswamy presented research that described a "fan out" effect where malicious files or code infect a single user's client device and are able to spread quickly through cloud services.

Netskope looked at hundreds of different sanctioned cloud apps used by more than 500 of its customers to measure "the prevalence of malware in cloud applications." While the research found that only 4.1% of cloud apps contained some kind of malware, Netskope determined there was a bigger problem lurking behind the scenes.

"This is pretty significant because one of the channels that people are not aware of, which is the cloud, can have a pretty serious effect on the spread of malware," Narayanaswamy said.

Infectious cloud malware

Specifically, Netskope found that the small amount of cloud malware detected in cloud apps was able to infect many more users beyond the initial infected device through file sharing and cloud synchronization services. "Some of those files are in sync folders, and guess what? Our sync folders are set up to sync directly to the cloud," he said. "This is what we call the 'fan out' effect of malware in the cloud."

Narayanaswamy presented a case study of an enterprise client that inadvertently spread ransomware through a cloud app; a hiring manager was hit with a ransomware infection through a resume file that had been received via email. But the file was then moved to a folder that automatically synchronized with a cloud app, which delivered the file to other users within the organization. Once the resume file was opened by a user, the ransomware executed and encrypted each individual device or system. Instead of affecting just the initial user, Narayanaswamy said, the ransomware spread quickly to other users and endpoints that were connected to that cloud synchronization service.

"In this case, the lateral movement of malware is pretty much automated [with cloud synchronization]," Narayanaswamy said. "The effect of this malware spreads in a matter of seconds."

Preventing cloud malware

While many enterprises are worried about what's going out from their cloud services, Narayanaswamy said companies also need to worry about what's coming into the services to prevent cloud malware from spreading across the user base. In addition to taking basic precautions, such as regularly backing up data and monitoring cloud apps for anomalous behavior or signs of data exfiltration, Narayanaswamy urged enterprises to take additional steps such as enabling the automatic deleting or trashing of cloud files that have been overwritten. That way, he said, a file that is potentially harmful won't be allowed to linger indefinitely inside the cloud service and put additional users at risk.
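As an added illustration (not from Netskope's research or the original article), the sketch below shows how a defender might monitor sync activity for the "fan out" pattern and for bursts of file changes from one device. The event schema, device names, time windows and threshold are assumptions constructed for the example, and a burst of uploads on its own is only a signal to investigate.

```python
from collections import defaultdict

# Constructed sync audit events (hypothetical schema, not any vendor's log format):
# (epoch_seconds, device, action, path, content_id)
# "upload" = a device pushed a new or changed file to the cloud folder;
# "sync_down" = the service delivered that version to a device.
EVENTS = [
    (1000, "hr-laptop", "upload", "/Hiring/resume.doc", "v-a1"),
    (1002, "dev-pc-1", "sync_down", "/Hiring/resume.doc", "v-a1"),
    (1003, "dev-pc-2", "sync_down", "/Hiring/resume.doc", "v-a1"),
    (1004, "fin-pc-1", "sync_down", "/Hiring/resume.doc", "v-a1"),
    (1100, "dev-pc-1", "upload", "/Hiring/notes.txt", "v-b1"),
    (1101, "dev-pc-1", "upload", "/Hiring/plan.xls", "v-b2"),
    (1102, "dev-pc-1", "upload", "/Hiring/offer.doc", "v-b3"),
    (1103, "dev-pc-1", "upload", "/Hiring/budget.xls", "v-b4"),
    (5000, "fin-pc-1", "upload", "/Finance/q1.xls", "v-c1"),
    (5900, "hr-laptop", "sync_down", "/Finance/q1.xls", "v-c1"),
]

def fan_out(events, window=60):
    """Map each uploaded version to the other devices that received it within `window` s."""
    origin = {}                     # content_id -> (upload time, source device)
    reached = defaultdict(set)      # content_id -> receiving devices
    for ts, device, action, _path, cid in sorted(events):
        if action == "upload":
            origin.setdefault(cid, (ts, device))
        elif action == "sync_down" and cid in origin:
            t0, src = origin[cid]
            if device != src and ts - t0 <= window:
                reached[cid].add(device)
    return {cid: sorted(devs) for cid, devs in reached.items()}

def upload_bursts(events, window=30, threshold=4):
    """Devices that uploaded >= `threshold` distinct paths inside any `window` s span."""
    uploads = defaultdict(list)
    for ts, device, action, path, _cid in sorted(events):
        if action == "upload":
            uploads[device].append((ts, path))
    flagged = set()
    for device, items in uploads.items():
        for i, (start, _) in enumerate(items):
            paths = {p for t, p in items[i:] if t - start <= window}
            if len(paths) >= threshold:
                flagged.add(device)
    return sorted(flagged)
```

On the constructed events, the resume upload reaches three other devices within four seconds, and dev-pc-1 is then flagged for changing four files in quick succession.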


What precautions is your organization taking to secure cloud applications?
We make sure that development teams and solutions architects work closely with our cloud and infrastructure services teams to adhere to established security policies and, in the event where a gap is identified in those policies, all teams work together to ensure the provided solution meets security criteria.
Not surprising. The cloud still has a lot of kinks to work out still. It's still fairly new in the scheme of things and people will always look for a weak link to exploit.

In addition, you should only deploy the code that you trust. That can become problematic when dealing with cloud applications because, in the drive to the cloud and faster deployments, many of the newer tools that are out there have not been fully vetted before teams start adopting them into the technology stack.