Malware's Journey Through the Cloud

Why is the cloud becoming more targeted by hackers? It’s simple: cloud adoption is on the rise. By 2020, more compute power will have been sold by IaaS and PaaS cloud providers than sold and deployed into enterprise data centers, according to Gartner.

However, there are a couple of inherent challenges with cloud security and its vulnerability to malware in particular. Many IaaS and SaaS apps lack native protections, and these apps are usually connected in some way. Also, known and unknown malware can affect thousands or even millions of systems and devices -- especially if they are connected via the cloud. Not to mention zero-day threats, which are constantly overlooked and become afterthoughts because many users don’t associate them with the cloud. Lastly, the easy always-on access of the cloud can leave data at risk due to the lack of endpoint protection and awareness of open ports.

Because of these inherent challenges, cloud apps have been a bigger target for malicious attackers as of late. Google Docs was recently hit with a widespread phishing attack that, if completed successfully, gave phishers access to your email and address book – a major issue for businesses of all sizes.


So exactly how does malware infiltrate a network via the cloud? 
At Upload: When malware/ransomware is uploaded from a user's device to cloud apps, it can compromise massive amounts of data. Unmanaged and uncontrolled endpoints can readily access cloud applications and may be infected with malware or ransomware. At upload, these files, if not properly scanned, identified and blocked, can pose a risk to all your cloud data.

At Download: Files that contain malware and already exist in the cloud can be downloaded and infect other devices. When malware is already in the cloud, detection is critical; otherwise employees may download malware from a trusted application to a corporate-owned or personal device. Regardless of where it is downloaded to, malware in the cloud is a threat because of the potential for spread.

Via Connected apps: Lack of native threat protection means that malware and ransomware most likely already exist in cloud apps. For any organization, connected cloud apps can be useful in enabling productivity. Using Slack in tandem with G Suite, for example, can make sharing documents internally much easier. Unfortunately, the constant communication between systems is also a means for malware to spread.

Cutting malware off at the pass 
There are a handful of ways to prevent malware from entering your cloud environment and it all begins with security education – at all levels. Employee education is one of the most powerful weapons for combating malware in the cloud. You should educate your employees on the multiple potential gateways for these attacks and the signs that their device or app has been compromised. 

Holding regularly scheduled cybersecurity seminars may not be your corporate policy -- especially if you’re a smaller company -- but basic cybersecurity should become a mandatory pillar in your employee training regimen.

Here are some essential (and easy to execute) employee and IT tips for preventing the spread of malware:

1. The Golden Rule: Preventing malware at your most commonly used end-points (your computer and mobile devices) is essential if you want to keep your company malware-free.

2. Double-check email addresses for odd senders. If you don’t know them and there’s an attachment, don’t open it. You can also convert HTML emails to text-only to avoid malicious links hiding in your inbox.

3. Ensure all operating systems, plugins and browsers (both mobile and desktop) are updated -- as these updates usually contain vital security patches.

4. Make sure anti-malware and anti-virus software is updated across the entire company. Any hole is a hole for malware.

5. Remove old, outdated and unnecessary software and applications. Hackers bank on old, easy exploits (Windows XP is one of the worst).
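
Tip 2's advice to read mail as text-only, shown as an added example (not part of the original article): a small Python converter that renders an HTML body as plain text with each link's real target written out, and flags links whose visible label names a different host. The sample message, the hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkRevealer(HTMLParser):
    """Render HTML as text, writing every link's real target after its label."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links = [], []      # text fragments; (label, href) pairs
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._label = []
        elif tag in ("br", "p", "div"):
            self.out.append("\n")

    def handle_data(self, data):
        (self._label if self._href is not None else self.out).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = "".join(self._label).strip()
            self.links.append((label, self._href))
            self.out.append(f"{label} <{self._href}>")
            self._href = None

def host(value):
    """Lowercased host of a URL or URL-looking label; '' if there is none."""
    value = value.strip()
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:
        return ""

def to_text(html):
    """Return (plain_text, mismatched_links) for an HTML mail body."""
    parser = LinkRevealer()
    parser.feed(html)
    parser.close()
    # Heuristic: a label that looks like a domain but points at another host.
    mismatched = [(label, href) for label, href in parser.links
                  if "." in label and " " not in label and host(label) != host(href)]
    return "".join(parser.out).strip(), mismatched

# Constructed sample message body
SAMPLE = ('<p>Your invoice is ready: '
          '<a href="http://files.example.net/doc">docs.example.com/invoice</a></p>'
          '<p>Questions? <a href="https://example.com/help">Contact support</a></p>')

if __name__ == "__main__":
    text, suspicious = to_text(SAMPLE)
    print(text)
    print("Label/target mismatch:", suspicious)
```

The mismatch check is a heuristic: a label such as a file name containing a dot can be flagged too, so treat a hit as a prompt to look at the written-out target rather than as a verdict.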

Future of malware in the cloud
As more devices and critical data are moved to the cloud, the types of malicious attacks don’t necessarily change much, but how attacks are executed does.

In the future, there will be more sophisticated attacks as hackers’ experience with cloud attacks grows and they’re able to learn what kinds of attacks (such as targeting those with iCloud accounts) are effective.

Fileless malware might just be the new hot hacker trend in the next few years. Fileless malware is unique in the sense that it can do damage or take control of a system without a user downloading a malicious file. These fileless malware attacks utilize regular ol’ software or authorized apps you use every day to do harm. These attacks are usually untraceable to most third-party security solutions.

Metamorphic or polymorphic malware is basically a shape shifter from your cybersecurity nightmares. This type of malware changes its code and signature patterns on the fly -- therefore your traditional anti-virus software that is signature based will be utterly useless. You’ll need a more advanced solution to this future enterprise epidemic. 

As malware continues to evolve, targets for these attacks are becoming more specific. Recently, spyware and ransomware have been created specifically to target Mac computers, which highlights a more focused approach to these attacks.

Malware is only going to become more advanced and look to cause more damage to enterprises and corporate data as it moves to the cloud. To get ahead of the growing threat, enterprises need to outline a plan that involves not only IT, but employees too.
