Stopping Malware in The Cloud
It’s easy to forget that, as fast as things are changing online in terms of what you can do and how you can do it, cybercriminals are changing too, inventing new and better ways to exploit these opportunities.
For instance, one of the fastest-growing categories of malicious attack is malware that propagates itself through the cloud.
Talk About Viral
Remember junk toolbars? Hopefully you haven’t seen one in a while. These were malicious little programs that piggybacked on other downloads and leveraged user inattention to install themselves. Once installed, they had access to the whole desktop. The ‘infection’ was limited to one computer, although sometimes malware would spread throughout a network.
Now, malware is being designed to ‘fan out’ from a single instance and sync to any cloud that it can gain access to. Cloud’s strength becomes its weakness.
How Are They Getting In?
Malware creators are inventive. For a couple of years, security analysts have noted that large public clouds like Amazon and GoDaddy are providing luxurious havens for all kinds of malware. Their IP ranges are frequently whitelisted, so attackers either sign up directly or buy out an existing legitimate domain, and use it as a launching point. Of course, the cloud providers squash these operations as soon as they’re detected, but given the sheer scale of these public clouds, it’s difficult to identify these rings. And of course, the malware creators just start over with a new domain.
That’s not the only way that malware can get into your organization. Imagine this scenario: Your HR department is using a service like Monster.com or LinkedIn to fill a position. Attachments (presumably all resumes) flood in, so HR dumps them all in a folder on the network to sort through them. Except one of those attachments contains malware.
Or, even worse, the very SaaS applications you use daily may already be compromised. A recent report from Netskope found that “4.1 percent of those enterprises’ sanctioned apps are laced with malware such as trojans, viruses, and spyware. The volume of malware in those apps ranged from a handful of files to many dozens in a customer tenant.”
How To Protect Yourself
The most important thing to have is a clean, uncompromised backup. Once malware is identified, wipe the affected systems clean and restore from it. However, you must be proactive about spotting malware. Sandboxing procedures can help you detonate suspicious files before they become a threat, but everyone has to be on board.
You will also need to be on the lookout for signs of malware, such as activity when your cloud should be ‘at rest,’ or anomalous spikes in activity. It is also very important to keep an eye on the data leaving your network. Unauthorized exports are a sure sign that malware is at work.
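As an added illustration of the signs listed above (this is not code from the original post), the following Python scans a constructed cloud audit log for activity during an assumed ‘at rest’ window and for hourly outbound volume above an assumed normal ceiling. The log format, the quiet hours and the egress ceiling are all assumptions for the example.

```python
"""Flag audit events that match the warning signs: activity while the tenant
should be idle, and outbound volume far above what the tenant normally moves."""
from collections import Counter
from datetime import datetime

# Constructed sample audit log (not from any real tenant):
# <ISO-8601 timestamp> <principal> <action> <bytes returned to the caller>
SAMPLE_LOG = """\
2024-05-06T09:14:02Z alice ObjectGet 4096
2024-05-06T09:20:11Z bob ObjectPut 1048576
2024-05-06T10:02:45Z alice ObjectGet 2048
2024-05-06T10:30:00Z ci-role ObjectGet 8192
2024-05-06T11:00:00Z bob ObjectGet 1024
2024-05-07T02:13:09Z svc-sync ObjectGet 734003200
2024-05-07T02:13:41Z svc-sync ObjectGet 801112064
2024-05-07T02:14:05Z svc-sync ObjectGet 912261120
2024-05-07T02:15:22Z svc-sync ObjectPut 1024
"""

QUIET_HOURS = range(0, 6)                    # assumed "at rest" window (UTC hours)
EGRESS_CEILING_PER_HOUR = 100 * 1024 * 1024  # assumed normal outbound bytes per hour


def parse_events(text):
    """Turn the whitespace-separated log lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        ts, principal, action, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "principal": principal, "action": action,
                       "bytes_out": int(nbytes)})
    return events


def off_hours_activity(events, quiet_hours=QUIET_HOURS):
    """Sign 1: any event at all while the tenant should be idle."""
    return [e for e in events if e["ts"].hour in quiet_hours]


def egress_spikes(events, ceiling=EGRESS_CEILING_PER_HOUR):
    """Signs 2 and 3: hours whose total read volume exceeds the normal ceiling.
    Returns {"YYYY-MM-DDTHH": total_bytes} for the offending hours only."""
    per_hour = Counter()
    for e in events:
        if e["action"] == "ObjectGet":          # reads are what leave the tenant
            per_hour[e["ts"].strftime("%Y-%m-%dT%H")] += e["bytes_out"]
    return {hour: total for hour, total in per_hour.items() if total > ceiling}


def suspicious_principals(events):
    """Principals that appear in both signals; the first accounts to investigate."""
    spike_hours = set(egress_spikes(events))
    return sorted({e["principal"] for e in off_hours_activity(events)
                   if e["ts"].strftime("%Y-%m-%dT%H") in spike_hours})
```

On the sample log, the three large reads by svc-sync at 02:xx land in the quiet window and push that hour's egress to roughly 2.4 GB, so svc-sync is the one principal reported by both checks.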
Need to talk to someone about malware security protocol and backups? Call us anytime; we’re here to help.