Malware P.I. – Odds Are You're Infected
Published 02/19/2018
By Jacob Serpa, Product Marketing Manager, Bitglass
In Bitglass' latest report, Malware P.I., the Next-Gen CASB company uncovered startling information about the rate of malware infection amongst organizations. Additionally, experiments with a new piece of zero-day malware yielded shocking results. Here is a glimpse at some of the outcomes.
Nearly half of organizations have malware in one of their cloud apps While the cloud endows organizations with great flexibility, efficiency, and collaboration, cloud apps and personal devices accessing corporate data can inadvertantly house and spread malware. However, this does not mean that operating in the cloud is inherently more dangerous than the traditional way of doing things. In the cloud, threats merely adopt new forms and require novel methods of defense. For organizations that fail to adopt cloud-first security solutions like cloud access security brokers (CASBs) that are complete with advanced threat protection (ATP), the consequences can be severe. A single piece of malware is enough to inflict massive damage to any enterprise.
Zero-day malware "ShurL0ckr" deteced by Cylance and not Microsoft or Google
In addition to uncovering the above information, Bitglass' Threat Research Team also discovered a new variety of ransomware. Dubbed "ShurL0ckr," the threat encrypts users' data and demands a ransom in exchange for decryption. Armed with this zero-day malware, tests were performed with a variety of antivirus engines. Cylance, a Bitglass technology partner that uses machine learning to detect unknown threats, was able to detect the ransomware. However, few other engines proved capable of doing so.
Somewhat alarmingly, native ATP tools within Microsoft SharePoint and Google Drive were unable to detect ShurL0ckr. This highlights the growing dangers of relying solely upon cloud applications' native security features. When adopting cloud apps, it is imperative that organizations also adopt advanced, specialized security solutions. In this way, they can ensure that their data is completely secured.
To learn more about malware's assault on the enterprise, download Malware P.I.