4.1% of all sanctioned cloud apps are laced with malware. During the past month, cloud security analysts have seen more and more malware spreading from one PC to another in a fan-out effect, thanks to file-sharing and file-syncing applications, Netskope, a leading Cloud Access Security Broker (CASB) reports in its February 2016 Worldwide Cloud Report.
The malware discovered that spread via cloud accounts ranges from simple worms to complex ransomware. In most cases the malware is only copied, and users still need to execute it.
Netskope says that the cases it detected looked more like accidents, but there have been many of them. The company says that 4.1% of all the cloud-based apps they scanned contained some kind of malware.
They also say that they’ve scanned only sanctioned (official) cloud apps, which represent only about 5% of the total of cloud-based apps, and that the total number of cloud apps that are laced with malware, or contribute to the spreading of malware, may be much higher than 4.1%.
The report is a sign of future trouble
While many people praise cloud-based services because of their boost in productivity, Netskope’s recent report should be taken as a sign of alarm, and companies should be very careful where they deploy such apps in the future.
Most users and system administrators often see only the positive features that cloud-based apps can bring, and many fail to see how these apps can be abused to spread malware.
For example, Dropbox has been used to send spam for dating sites last December, while a Chinese-based state-sponsored cyber-espionage group have used it in the past to hide their C&C servers.
Because of its 99.99% guaranteed uptime record, malware authors are starting to target and integrate these services as a core component in their malware.
Taking into account what Netskope has uncovered, it will not be strange to see a ransomware family that specifically targets Dropbox, OneDrive, or Google Drive sync folders to spread to other computers.