More Than One-Fourth of Malware Files “Shared”
Blog Article Published: 06/15/2016
By Krishna Narayanaswamy, Chief Scientist, Netskope

Last week, Netskope released its global Cloud Report as well as its Europe, Middle East and Africa version, highlighting cloud activity from January through March of 2016. Each quarter we report on aggregated, anonymized findings such as top used apps, top activities, top policy violations, and other cloud security findings from across our customers using the Netskope Active Platform, including by industry.

This report picked up where we left off last quarter on our cloud malware research, in which we found that 4.1 percent of enterprises had at least one sanctioned cloud app laced with malware. This quarter that number has risen to 11.0 percent, nearly triple last quarter’s figure. This is before counting unsanctioned apps, which we are researching and will incorporate into future reports. When we do, we expect these numbers to increase dramatically.

Beyond sharing the volume of detections, this quarter’s report breaks down that malware into the following observed categories, several of which are known to be used to distribute or propagate ransomware:
- MS Office macros
- Mobile malware
- Spy- and Adware
- Mac malware
- Back up versions of your critical content in the cloud. Enable your app’s “trash” feature and set the default purge to a week or more. This is one of your best bets for preserving your data should you become infected with data-destroying malware such as ransomware.
- Use your CASB to scan for and remediate cloud malware in your sanctioned apps. Make sure to check for infected users through sync and share. Integrate your CASB with, and share detections across, your existing security infrastructure such as your sandbox and endpoint detection and response (EDR) so you can stop malware wherever it’s propagating in your environment.
- Detect malware incoming via sanctioned and unsanctioned apps.
- Detect anomalies in your sanctioned and unsanctioned cloud apps, such as unusual file upload activity or other out-of-the-norm behaviors.
- Monitor uploads to sanctioned and unsanctioned cloud apps for sensitive data, which can indicate exfiltration by malware communicating with a cloud-based command-and-control server.