{"id":19513,"date":"2022-07-05T07:10:11","date_gmt":"2022-07-05T15:10:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/07\/05\/news-13246\/"},"modified":"2022-07-05T07:10:11","modified_gmt":"2022-07-05T15:10:11","slug":"news-13246","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/07\/05\/news-13246\/","title":{"rendered":"Cloud-based malware is on the rise. How can you secure your business?"},"content":{"rendered":"<p><strong>Credit to Author: Bill Cozens| Date: Tue, 05 Jul 2022 14:34:06 +0000<\/strong><\/p>\n<p>There\u2019s a lot of reasons to think the cloud is more secure than on-prem servers, from better data durability to more consistent patch management \u2014 but even so, there are <a href=\"https:\/\/blog.malwarebytes.com\/business\/2022\/06\/cloud-data-breaches-4-biggest-threats-to-cloud-storage-security\/\">many threats to cloud security<\/a> businesses should address. Cloud-based malware is one of them.<\/p>\n<p>Indeed, while cloud environments are generally more resilient to cyberthreats than on-prem infrastructure, malware delivered over the cloud<a href=\"https:\/\/www.zdnet.com\/article\/even-after-emotet-takedown-office-docs-deliver-43-of-all-malware-downloads-now\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> increased by 68%<\/a> in early 2021 \u2014 opening the door for a variety of different cyber attacks.&nbsp;&nbsp;<\/p>\n<p>But you might be asking yourself: Doesn\u2019t my cloud provider take care of all of that cloud-based malware? Yes and no.<\/p>\n<p>Your cloud provider will protect your cloud infrastructure in some areas, but under<a href=\"https:\/\/aws.amazon.com\/compliance\/shared-responsibility-model\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> the shared responsibility model<\/a>, your business is responsible for handling many security threats, incidents, responses, and more. 
That means, in the case of a cloud-based malware attack, you need to have a game plan ready.<\/p>\n<p>In this post, we\u2019ll cover four ways you can help secure your business against cloud-based malware.<\/p>\n<h2>What ways can malware enter the cloud?<\/h2>\n<p>One of the main known ways malware can enter the cloud is through a malware injection attack. In a <a href=\"https:\/\/www.malwarebytes.com\/glossary\/injection-attacks\">malware injection attack<\/a>, a hacker attempts to inject a malicious service, code, or even virtual machines into the cloud system.<\/p>\n<p>The two most common malware injection attacks are <a href=\"https:\/\/www.malwarebytes.com\/sql-injection\">SQL injection attacks<\/a>, which target vulnerable SQL servers in the cloud infrastructure, and<a href=\"https:\/\/www.malwarebytes.com\/glossary\/cross-site-scripting-xss\"> cross-site scripting attacks<\/a>, which execute malicious scripts on victim web browsers. Both attacks can be used to <a href=\"https:\/\/platform.keesingtechnologies.com\/malware-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">steal data or eavesdrop in the cloud<\/a>.<\/p>\n<p>Malware can also get into the cloud through file upload.<\/p>\n<p>Most cloud storage providers today feature file-syncing, which is when files on your local devices are automatically uploaded to the cloud as they\u2019re modified. So, if you download a malicious file on your local device, there\u2019s a route from there to your business\u2019 cloud \u2014 where it can access, infect, and encrypt company data.<\/p>\n<p>In fact, malware delivered through cloud storage apps such as Microsoft OneDrive, Google Drive, and Box <a href=\"https:\/\/www.cybersecuritydive.com\/news\/netskope-cloud-malware-delivery\/617061\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">accounted for 69% of cloud malware downloads in 2021<\/a>.<\/p>\n<h2>Four best practices to prevent cloud-based malware<\/h2>\n<h3>1. 
Fix the holes in your cloud security<\/h3>\n<p>As we covered in our post <a href=\"https:\/\/blog.malwarebytes.com\/business\/2022\/06\/cloud-data-breaches-4-biggest-threats-to-cloud-storage-security\/\">on cloud data breaches<\/a>, there are multiple weak points that hackers use to infiltrate cloud environments \u2014 and once they find a way into your cloud, they can <a href=\"https:\/\/www.ibm.com\/downloads\/cas\/WMDZOWK6\" target=\"_blank\" rel=\"noreferrer noopener\">drop cloud-based malware<\/a> such as cryptominers and ransomware.<\/p>\n<p>Fixing the holes in your cloud security should be considered one of your first lines of defense against cloud-based malware. Here are three best practices:<\/p>\n<ul>\n<li><strong>Have strong <\/strong><a href=\"https:\/\/blog.malwarebytes.com\/explained\/2022\/04\/why-identity-management-matters\/\"><strong>identity and access management (IAM)<\/strong><\/a><strong> policies<\/strong>: IAM misconfigurations cause <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/research\/unit42-cloud-with-a-chance-of-entropy\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">65% of detected cloud data <\/a>breaches.<\/li>\n<\/ul>\n<ul>\n<li><strong>Properly configure your public APIs<\/strong>: Researchers have <a href=\"https:\/\/www.ibm.com\/downloads\/cas\/WMDZOWK6\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">found that two-thirds of cloud data breaches <\/a>were caused by misconfigured APIs.<\/li>\n<\/ul>\n<ul>\n<li><strong>Set up your cloud storage<\/strong> <strong>correctly<\/strong>: This is relevant if your cloud storage is provided as Infrastructure-as-a service (like Google Cloud Storage or Microsoft Azure Cloud Storage). 
By not correctly setting up your cloud storage, you risk becoming <a href=\"https:\/\/blogs.vmware.com\/cloudhealth\/cloud-security-report-misconfiguration-risks\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">one of many companies <\/a>who suffer a cloud data breach due to a misconfiguration.<\/li>\n<\/ul>\n<h3>2. Protect your endpoints to detect and remediate malware before it can enter the cloud<\/h3>\n<p>Let\u2019s say you\u2019re the average small to mid-sized company with up to 750 total endpoints (including all company servers, employee computers, and mobile devices). Let\u2019s also say that a good chunk of these endpoints are connected to the cloud in some way \u2014 via Microsoft OneDrive, for example.<\/p>\n<p>At any time, any one of these hundreds of endpoints can become infected with malware. And if you can\u2019t detect and remediate the malware as soon as an endpoint gets infected, there\u2019s a chance it can sync to OneDrive \u2014 where it can infect more files.<\/p>\n<p>This is why <a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/business\/what-is-edr\">endpoint detection and response<\/a> is a great \u201csecond line of defense\u201d against cloud-based malware.<\/p>\n<p>Three features of endpoint detection and response that can help track and get rid of malware include:<\/p>\n<ul>\n<li><strong>Suspicious activity monitoring:<\/strong> EDR constantly monitors endpoints, creating a \u201chaystack of data\u201d that can be analyzed to pinpoint any indicators of compromise (IoCs).<\/li>\n<\/ul>\n<ul>\n<li><strong>Attack isolation<\/strong>: EDR prevents lateral movement of an attack by allowing isolation of a network segment, of a single device, or of a process on the device.<\/li>\n<\/ul>\n<ul>\n<li><strong>Incident response<\/strong>: EDR can map system changes associated with the malware, thoroughly remove the infection, and return the endpoints to a healthy state.<\/li>\n<\/ul>\n<h3>3. 
Use a second-opinion cloud storage scanner to detect cloud-based malware<\/h3>\n<p>Even if you have fixed all the holes in your cloud security and use a top-notch EDR product, the reality is that malware can still make it through to the cloud \u2014 and that\u2019s why regular cloud storage scanning is so important.<\/p>\n<p>No matter what cloud storage service you use you likely store <em>a lot<\/em> of data: a mid-sized company can easily have over 40TB of data stored in the form of millions of files.&nbsp;<\/p>\n<p>Needless to say, it can be difficult to monitor and control all the activity in and out of cloud storage repositories, making it easy for malware to hide in the noise as it makes its way to the cloud. That\u2019s where cloud storage scanning comes in.<\/p>\n<p>Cloud storage scanning is exactly what it sounds like: it\u2019s a way to scan for malware in cloud storage apps like Box, Google Drive, and OneDrive. And while most cloud storage apps have malware-scanning capabilities, it\u2019s important to have a second-opinion scanner as well.<\/p>\n<p>A second-opinion cloud storage scanner is a great second line of defense for cloud storage because it\u2019s very possible that your main scanner will fail to detect a cloud-based malware infection that your second-opinion one catches.<\/p>\n<h3>4. 
Have a data backup strategy in place<\/h3>\n<p>The worst case scenario: You\u2019ve properly configured your cloud, secured all your endpoints, and regularly scan your cloud storage \u2014 yet cloud-based malware still manages to slip past your defenses and<a href=\"https:\/\/www.malwarebytes.com\/ransomware\"> encrypt all your files<\/a>.\u00a0<\/p>\n<p>You should have a data backup strategy in place for exactly this kind of ransomware scenario.&nbsp;<\/p>\n<p>When it comes to ransomware attacks in the cloud \u2014 which can cause businesses to lose critical or sensitive data \u2014 a data backup strategy is your best chance at recovering the lost files.<\/p>\n<p>There are several important things to consider when implementing <a href=\"https:\/\/blog.malwarebytes.com\/101\/2021\/11\/the-importance-of-backing-up\/\">a data backup strategy<\/a>, according to <a href=\"https:\/\/www.cisa.gov\/uscert\/sites\/default\/files\/publications\/data_backup_options.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cybersecurity and Infrastructure Security Agency (CISA) recommendations<\/a>. 
In particular, CISA recommends using the <strong>3-2-1 strategy.&nbsp;<\/strong><\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/04\/3-2-1-go-make-backups-of-your-data\/\">The <strong>3-2-1 strategy<\/strong><\/a> means that, for every file, keep:<\/p>\n<ul>\n<li><strong>One on a workstation<\/strong>, stored locally for editing or on a local server, for ease of access.<\/li>\n<li><strong>One stored on a cloud backup <\/strong>solution.<\/li>\n<li><strong>One stored on a long-term storage<\/strong> such as a drive array, replicated offsite, or even an old school tape drive.<\/li>\n<\/ul>\n<h2>Prevent cloud-based malware from getting a hold on your organization<\/h2>\n<p>Cloud-based malware is one of many threats to cloud security that businesses should address, and since cloud providers operate under a shared responsibility model, you need to have a game plan ready in the case of a cloud-based malware attack. In this article, we outlined how malware can enter the cloud and four things you can do to better secure your business against it.\u00a0<\/p>\n<p>Interested in reading about real-life examples of cloud-based malware? Read the case study of how a business used Malwarebytes <a href=\"https:\/\/www.malwarebytes.com\/resources\/files\/2018\/11\/200330-mwb-fayolle-case-study-v1.pdf\">to help eliminate cloud-based threats.<\/a>&nbsp;<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/07\/cloud-based-malware-is-on-the-rise-how-can-you-secure-your-business\/\">Cloud-based malware is on the rise. 
How can you secure your business?<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/07\/cloud-based-malware-is-on-the-rise-how-can-you-secure-your-business\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Bill Cozens| Date: Tue, 05 Jul 2022 14:34:06 +0000<\/strong><\/p>\n<p>Cloud-based malware is on the rise. In this post, we\u2019ll cover four ways you can help secure your business against cloud-based malware.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/07\/cloud-based-malware-is-on-the-rise-how-can-you-secure-your-business\/\">Cloud-based malware is on the rise. How can you secure your business?<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11885,1001,11146,12798,14971,3764,13132,3765],"class_list":["post-19513","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-backups","tag-business","tag-cloud-security","tag-cloud-storage","tag-edr","tag-malware","tag-malware-scanner","tag-ransomware"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\
/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19513"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19513\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19513"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}