
Corporate SaaS apps teeming with malware - OneDrive scores highest infection rate

08 Feb 2018

New strains of ransomware, malware in SaaS apps and file types that are hiding malicious apps are all lurking as the cloud not only becomes a boon for agility, but also a compelling target for hackers.

According to joint research from Bitglass, a new strain of ransomware called ShurL0ckr is lurking on the dark web – a strain that cloud platforms with built-in malware protection fail to identify.

ShurL0ckr is offered as ransomware-as-a-service: hackers pay the author a percentage of each successful ransom. The ransomware is apparently a new strain of the Gojdue ransomware, Bitglass says.

The original Gojdue ransomware has been on the scene since at least April 2017, according to an alert published by Microsoft.

Neither Google Drive nor Microsoft SharePoint was able to detect the ShurL0ckr ransomware with its built-in threat engine. The team then used VirusTotal and found that only five out of 67 AV engines detected the malware.

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism,” comments Bitglass VP of product management Mike Schuricht.

“Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.”

The research showed that 44% of scanned organisations had some form of malware in at least one of their cloud applications.

On average, one in three corporate SaaS apps contained malware. The company analysed four popular applications: Google Drive, Dropbox, OneDrive and Box.

It found that Microsoft OneDrive had a 55% infection rate – the highest of all four cloud apps. Google Drive had a 43% infection rate, followed by 33% each for Dropbox and Box.

Common file types such as Office files are also breeding grounds for malware infection. The top five file categories by infection rate include scripts and executables (42%), Office files (21%), other formats such as images and video (19%), Windows system files (10%) and compressed formats such as Zip files (8%).

“The average organization held nearly 450,000 files in the cloud, with 1 in 20,000 containing malware,” the report says.

The Bitglass threat research team scanned tens of millions of files as part of its research.

Bitglass is a Cloud Access Security Broker provider based in the United States. The company works with Cylance to bring security to the Australia and New Zealand markets.
