Corporate SaaS apps teeming with malware - OneDrive scores highest infection rate

08 Feb 2018

New strains of ransomware, malware in SaaS apps and file types that are hiding malicious apps are all lurking as the cloud not only becomes a boon for agility, but also a compelling target for hackers.

According to joint research from Bitglass, a new strain of ransomware called ShurL0ckr is lurking on the dark web – a strain that cloud platforms with built-in malware protection fail to identify.

ShurL0ckr is offered as ransomware-as-a-service: hackers pay the author a percentage of each successful ransom. The ransomware is apparently a new strain of the Gojdue ransomware, Bitglass says.

The original Gojdue ransomware has been on the scene since at least April 2017, according to an alert published by Microsoft.

Neither Google Drive nor Microsoft SharePoint was able to detect the ShurL0ckr ransomware with its built-in threat engine. The team then used VirusTotal and found that only five out of 67 AV engines detected the malware.

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism,” comments Bitglass VP of product management Mike Schuricht.

“Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.”

The research showed that 44% of scanned organisations had some form of malware in at least one of their cloud applications.

On average, one in three corporate SaaS apps contained malware. The company analysed four popular applications: Google Drive, Dropbox, OneDrive and Box.

It found that Microsoft OneDrive had a 55% infection rate – the highest of all four cloud apps. Google Drive had a 43% infection rate, followed by 33% each for Dropbox and Box.

Common file types such as Office files are also breeding grounds for malware infection. The top five file categories by infection rate are scripts and executables (42%), Office files (21%), other formats such as images and video (19%), Windows system files (10%) and compressed formats such as Zip files (8%).

“The average organization held nearly 450,000 files in the cloud, with 1 in 20,000 containing malware,” the report says.

The Bitglass threat research team scanned tens of millions of files as part of its research.

Bitglass is a Cloud Access Security Broker provider based in the United States. The company works with Cylance to bring security to the Australian and New Zealand markets.
