Corporate SaaS apps teeming with malware - OneDrive scores highest infection rate

08 Feb 2018

New strains of ransomware, malware in SaaS apps and file types that hide malicious apps are all lurking as the cloud becomes not only a boon for agility but also a compelling target for hackers.

According to joint research from Bitglass, a new strain of ransomware called ShurL0ckr is lurking on the dark web – a strain that cloud platforms with built-in malware protection fail to identify.

ShurL0ckr is offered as ransomware-as-a-service: hackers pay a percentage of a successful ransom to the author. The ransomware is apparently a new strain of the Gojdue ransomware, Bitglass says.

The original Gojdue ransomware has been on the scene since at least April 2017, according to an alert published by Microsoft.

Neither Google Drive nor Microsoft SharePoint was able to detect the ShurL0ckr ransomware with their built-in threat engines. The team then used VirusTotal and found that only five out of 67 AV engines detected the malware.

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism,” comments Bitglass VP of product management Mike Schuricht.

“Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.”

The research showed that 44% of scanned organisations had some form of malware in at least one of their cloud applications.

On average, one in three corporate SaaS apps contained malware. The company analysed four popular applications including Google Drive, Dropbox, OneDrive and Box.

It found that Microsoft OneDrive had a 55% infection rate – the highest of all four cloud apps. Google Drive had a 43% infection rate, followed by 33% each for Dropbox and Box.

Common file types such as Office files are also breeding grounds for malware infection. The top five file categories by infection rate include scripts and executables (42%), Office files (21%), other formats such as images and video (19%), Windows system files (10%) and compressed formats such as Zip files (8%).

“The average organization held nearly 450,000 files in the cloud, with 1 in 20,000 containing malware,” the report says.

The Bitglass threat research team scanned tens of millions of files as part of its research.

Bitglass is a Cloud Access Security Broker provider based in the United States. The company works with Cylance to bring security to the Australia and New Zealand markets.
