Cloud Migration Creates New Malware Infection Vectors

Of all the technologies to make a big impact in the past decade, cloud computing must surely rank among the top. Cloud computing fundamentally changed the way that data is stored, managed, and processed. It did this by allowing businesses and individuals to break free of the old requirement for on-premises equipment and instead use the connecting power of the internet to hand these tasks over to large data centers, potentially thousands of miles away.

Cloud computing offers flexibility, cost savings, added security, increased collaboration, and — particularly appropriate for pandemic times — more mobility. Using the cloud, it’s possible to access data from wherever in the world you are, just so long as you have an internet connection.

For all of these reasons, companies have been increasingly moving to the cloud for years. This cloud migration has brought with it a slew of benefits for the businesses and organizations in question.

Bad actors are ready to wreak chaos
This has particularly paid off during COVID-19, which has spurred a surge in the use of cloud-based apps. According to a PwC report, in the first quarter of 2020 alone, as the effects of the pandemic and global lockdown were just starting to be felt, cloud spending increased 37% to a total of $29 billion. These trends only ramped up as the year continued. In the year as a whole, the total number of cloud apps being used per organization increased by 20%. Organizations with between 500 and 2,000 employees use an average of 664 different cloud apps every month.

But while the cloud has become a game-changer, as with any new disruptive technology, bad actors are willing to jump on the changes to cause damage. In this case, that means using cloud apps as a common malware delivery mechanism. For example, a recent report suggested that 61% of malware is now delivered using a cloud app, representing an increase of 48% year-over-year. Cloud apps are also the target of more than one-third of all phishing campaigns, as would-be hackers try to leverage cloud apps to gain access to targets.

There are multiple examples of cloud-based malware. For example, Virlock is a type of polymorphic ransomware. Ransomware is malware that encrypts sensitive data and extorts victims by charging them money in exchange for the decryption key. Virlock spread using cloud storage, cloud sync, and cloud-based collaboration applications. Meanwhile, RanSerKD is cloud-based malware spread using Word documents and Dropbox. These are just two illustrations of the kinds of malware spreading using the cloud. More are emerging on a regular basis.

Proper protection
To protect themselves, organizations need solutions in place that can adequately block cloud-based malware delivery. Organizations must have cloud-native security solutions that are able to detect and stop malware delivered via the cloud. Tools that help protect cloud workloads can halt web application and API attacks that may lead to data theft.

Other mitigation tools work by tracking data activity using the cloud, across users, applications, and microservices. If malware is detected, these measures can offer incredibly rapid (read: split-second) responses to threats.

This kind of fast response is much needed. Cloud-based malware has the potential to propagate extremely quickly. This kind of malware takes advantage of the ease of access that cloud computing offers. Because data travels constantly between the cloud and client devices and infrastructure, a solitary document, once compromised, can prove extraordinarily damaging.

Act fast in an age of serious threats
Cloud malware also has the potential to result in serious data breaches for targets. After a system has been compromised with malware, it could give attackers a foothold from which they could exfiltrate sensitive data, possibly including financial information belonging to customers. This threat risks not only damaged reputations for businesses or organizations that are hit, but also potential fines from regulators due to a failure to properly protect customer information.

Cloud-based malware is only going to become more of a threat. As organizations become even more reliant on cloud-based services, attackers will increasingly focus on this area as a target. The data and services that are stored on, or accessed via, the cloud are increasingly essential to the daily running of many modern businesses. There is, today, a reliance on the cloud in a way that there wasn’t even a couple of years ago.

The good news is that the tools are there for businesses and organizations to protect themselves. This is a serious threat, and it has yet to prove as serious as it is sure to become. Take the correct steps now, and it’s possible to mitigate this threat before it becomes more damaging.