Researchers confirm cases of ransomware encryption jumping devices via cloud apps
Netskope's report explained how cloud apps give ransomware a means to spread its encryption to secondary victims without needing to be downloaded again.
The rapidly expanding use of cloud applications is not only spreading malware faster than ever, but also propagating the effects of ransomware encryption from one user to another — even when the malware itself is not actually downloaded by the secondary victim, according to a new report.
The February 2016 Worldwide Cloud Report from cloud access security broker Netskope noted a “handful” of instances in which ransomware encrypted a user device's files as well as copies of those files saved to the sync folder of a popular cloud storage application. Subsequently, secondary users who also automatically synced to that very same folder had their device's files encrypted as well.
In an interview with SCMagazine.com, Netskope Chief Marketing Officer Jamie Barnett confirmed this was the first time her company had detected this encryption phenomenon in the wild. Such scenarios have until now been largely hypothetical, but Barnett is not shocked to see a real-life case. “It was a blinding flash of the obvious for us,” she said.
It was not reported how affected companies handled the cloud-based spread of encrypted files. However, Barnett noted that in its own controlled recreation of the ransomware attack, Netskope determined that once the malware was quarantined and killed, the remediation spread across the cloud as well.
In an analysis of its own client base comprising hundreds of companies (most mid-to-large-size), Netskope determined that between Oct. 1 and Dec. 31, 2015, 4.1 percent of businesses used at least one IT department-approved cloud app that had malware embedded within it.
“While this may not seem like a large number,” the report said, “consider the fact that sanctioned apps represent less than five percent of an enterprise's total cloud app footprint.” In other words, the cloud's “fan-out” effect of spreading malware is exacerbated further by employees' use of cloud-based business apps that IT departments did not officially vet and approve.
Indeed, Netskope's latest research shows that globally, enterprises have on average 917 business-related cloud apps in use, the vast majority of which are unsanctioned. This is the highest number ever observed by the company and reflects a 21 percent jump over the previous quarter. Barnett attributed many of these unsanctioned apps to the proliferation of individual apps designed to streamline and simplify the tasks of corporate departments such as HR, finance and marketing.
The report also addressed efforts on the part of companies that must comply with the European Union's General Data Protection Regulation (GDPR). Netskope warned it would be an “uphill battle” for the companies it researches, with only about 40 percent of their cloud apps ensuring that users' data will not be shared with third parties.