

How cloud synchronization can facilitate the spread of malware

Malware can spread from one user to many through cloud synchronization. Expert Rob Shapland explains what enterprise users should know about their synchronization folders.

Cloud synchronization provides many benefits to organizations and is an integral part of how many cloud services function. It allows files that are placed in synchronization folders to be automatically uploaded to the cloud, usually for backup purposes or for propagating to other users.

Most cloud services allow the use of synchronization folders. Any file placed in such a folder is automatically uploaded to the cloud, and any file added in the cloud is downloaded to the folder. Cloud file syncing creates a very fluid user experience, as it is possible to begin writing a document on one device and complete it on another or share documents among a whole team.

As useful as this can be with safe files, it can also mean that malware is able to spread to the cloud easily. For example, if ransomware has infected a user's system and has encrypted files in the cloud synchronization directory, these files will then be automatically uploaded to the cloud and may replace the legitimate files. The encrypted files are then pushed to other users who are using cloud synchronization folders on the same cloud service. This means that the cloud system that was supposed to be providing backup for the files can actually spread infected files further throughout an organization, and that no legitimate copies of the files will remain if they were not backed up separately.

It can also mean that other types of malware that have been downloaded by a user and placed in the synchronization directory can be uploaded to the cloud and then propagated to other users who are synchronized with the same cloud folders. The malware could have infected the user inadvertently, or it may have been placed there deliberately as part of an insider attack that seeks to spread malware to other users.

However, in most cases the malware will still need to be executed on the computer that it has been copied to before it can do any damage. The latest Global Cloud Report from the cloud access security broker Netskope shows that 11% of enterprises surveyed in the first quarter this year had at least one sanctioned cloud app that was found to be storing malware, a number that jumped dramatically from just 4% in the previous quarter. That number is likely to increase significantly once unsanctioned cloud apps are reviewed by IT departments and enterprise security teams. Over a quarter of the malware found had been shared or synchronized to other users.

A critical component of defending against cloud malware is to ensure that all sensitive data stored in the cloud is backed up and uses proper versioning to ensure that archived versions are available. Uploads of sensitive data should be monitored to ensure that there is no abnormal behavior that may indicate a malware infection, and the cloud app should be configured to run scans for malicious software (this may be through a CASB if the organization is using one). It is also important to do this across all cloud apps that are being used, even those unsanctioned by the organization.
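
As an added illustration of the upload monitoring recommended above (this code is not from the article or from any vendor), the sketch below flags a user whose sync client overwrites many existing files with high-entropy content within a short window, the pattern that ransomware encrypting a synchronization folder would produce. The event tuple layout, the thresholds and the sample data are assumptions; in practice the events would come from the cloud service's or CASB's audit log.

```python
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted data approaches 8.0, plain text is usually below 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_suspicious_uploaders(events, window_s=60, threshold=5, min_entropy=7.0):
    """events: time-sorted (ts_seconds, user, path, is_overwrite, content) tuples.
    Returns users who overwrote at least `threshold` distinct existing files
    with high-entropy content inside a sliding window of `window_s` seconds."""
    recent = defaultdict(deque)   # user -> recent (ts, path) of suspicious overwrites
    flagged = set()
    for ts, user, path, is_overwrite, content in events:
        # New files and ordinary edits are ignored. Compressed formats are also
        # high entropy, so one such upload proves nothing; the burst is the signal.
        if not is_overwrite or shannon_entropy(content) < min_entropy:
            continue
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window_s:
            q.popleft()           # drop overwrites that fell out of the window
        if len({p for _, p in q}) >= threshold:
            flagged.add(user)
    return flagged

# Constructed sample data (not from the article).
CIPHERTEXT = bytes(range(256)) * 16   # uniform bytes standing in for encrypted output
PLAINTEXT = b"Quarterly report draft, revision 3.\n" * 100

SAMPLE_EVENTS = sorted(
    # alice: six shared documents replaced by ciphertext within six seconds
    [(100 + i, "alice", f"/Team/doc{i}.docx", True, CIPHERTEXT) for i in range(6)]
    # bob: six ordinary text edits in the same period
    + [(100 + i, "bob", f"/Team/notes{i}.txt", True, PLAINTEXT) for i in range(6)]
    # carol: two high-entropy archives replaced ten minutes apart
    + [(100 + 600 * i, "carol", f"/Team/archive{i}.zip", True, CIPHERTEXT) for i in range(2)]
)

if __name__ == "__main__":
    print("Users to investigate:", sorted(flag_suspicious_uploaders(SAMPLE_EVENTS)))
```

A flagged account is a reason to pause its sync client and check the service's version history before the overwritten files reach other users.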
