
Corporate SaaS apps teeming with malware - OneDrive scores highest infection rate

08 Feb 18

New strains of ransomware, malware in SaaS apps, and file types that hide malicious apps are all lurking as the cloud becomes not only a boon for agility but also a compelling target for hackers.

According to joint research from Bitglass, a new strain of ransomware called ShurL0ckr is lurking on the dark web – a strain that cloud platforms with built-in malware protection fail to identify.

ShurL0ckr is a ransomware-as-a-service offering: hackers pay a percentage of a successful ransom to the author. The ransomware is apparently a new strain of the Gojdue ransomware, Bitglass says.

The original Gojdue ransomware has been on the scene since at least April 2017, according to an alert published by Microsoft.

Neither Google Drive nor Microsoft SharePoint was able to detect the ShurL0ckr ransomware with its built-in threat engine. The team then used VirusTotal and found that only five out of 67 AV engines detected the malware.

“Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism,” comments Bitglass VP of product management Mike Schuricht.

“Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.”

The research showed that 44% of scanned organisations had some form of malware in at least one of their cloud applications.

On average, one in three corporate SaaS apps contained malware. The company analysed four popular applications: Google Drive, Dropbox, OneDrive and Box.

It found that Microsoft OneDrive had a 55% infection rate – the highest of all four cloud apps. Google Drive had a 43% infection rate, followed by 33% each for Dropbox and Box.

Common file types such as Office files are also breeding grounds for malware infection. The top five file categories by infection rate include scripts and executables (42%), Office files (21%), other formats such as images and video (19%), Windows system files (10%) and compressed formats such as Zip files (8%).

“The average organization held nearly 450,000 files in the cloud, with 1 in 20,000 containing malware,” the report says.

The Bitglass threat research team scanned tens of millions of files as part of its research.

Bitglass is a Cloud Access Security Broker provider based in the United States. The company works with Cylance to bring security to the Australian and New Zealand markets.
