
Corporate SaaS apps teeming with malware - OneDrive scores highest infection rate

08 Feb 18

New strains of ransomware, malware in SaaS apps, and file types that hide malicious apps are all lurking as the cloud becomes not only a boon for agility but also a compelling target for hackers.

According to joint research from Bitglass, a new strain of ransomware called ShurL0ckr is lurking on the dark web – a strain that cloud platforms with built-in malware protection fail to identify.

ShurL0ckr is a ransomware-as-a-service offering: hackers pay a percentage of a successful ransom to the author. The ransomware is apparently a new strain of the Gojdue ransomware, Bitglass says.

The original Gojdue ransomware has been on the scene since at least April 2017, according to an alert published by Microsoft.

Neither Google Drive nor Microsoft SharePoint was able to detect the ShurL0ckr ransomware with its built-in threat engine. The team then used VirusTotal and found that only five out of 67 AV engines detected the malware.

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism,” comments Bitglass VP of product management Mike Schuricht.

“Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.”

The research showed that 44% of scanned organisations had some form of malware in at least one of their cloud applications.

On average, one in three corporate SaaS apps contained malware. The company analysed four popular applications: Google Drive, Dropbox, OneDrive and Box.

It found that Microsoft OneDrive had a 55% infection rate – the highest of all four cloud apps. Google Drive had a 43% infection rate, followed by 33% each for Dropbox and Box.

Common file types such as Office files are also breeding grounds for malware infection. The top five file categories by infection rate include scripts and executables (42%), Office files (21%), other formats such as images and video (19%), Windows system files (10%) and compressed formats such as Zip files (8%).

“The average organization held nearly 450,000 files in the cloud, with 1 in 20,000 containing malware,” the report says.

The Bitglass threat research team scanned tens of millions of files as part of its research.

Bitglass is a Cloud Access Security Broker provider based in the United States. The company works with Cylance to bring security to the Australia and New Zealand markets.