Cloud-based malware is a real and present danger – and it can spread through an organisation like wildfire. But it is not always on the radar of security teams, and without strong protocols in place, there are many possible routes to infection. It’s time for those organisations which don’t have strong protection against cloud-based malware to wake up to the dangers, and protect themselves.

The same – but different

Cloud-based malware is in many ways no different to more ‘traditional’ types which might break in through routes like an infected file drawn off a USB stick, or a compromised web page. It can have similar payloads – ransomware, industrial espionage, and so on. But the cloud offers two important distribution advantages: there are many more routes to infection, and cloud allows malware to spread with alarming rapidity.

Alex Hinchliffe, threat intelligence analyst at Unit 42, told Cloud Pro that cloud-based malware spreads in rather familiar ways to physical infections.

“Adversaries who may have compromised systems in the cloud may attempt to move laterally to other hosts in the cloud, using typical methods as they go, such as gaining credentials through key-logging, brute-forcing, or even additional spear-phishing attacks on employees or using password-stealing tools on infected systems,” says Hinchliffe.

The lure of cloud-based services

Thanks to the growth and development of software-as-a-service (SaaS), we are becoming more and more reliant on the cloud for the majority of our everyday computing needs.

We can share information with other people easily, no matter where they are. We can whiteboard ideas, have group conversations in virtual space, create, edit and amend content of all kinds, manage projects and teams, and so on.
SaaS allows IT teams to offer a range of capabilities they might struggle to deliver through in-house tech, and to access new services and new ways of working much more quickly than they could through in-house implementation. It helps them improve efficiency and productivity, and to punch above their weight.

Many of us have settled into a mindset where cloud apps are the norm. It isn’t a big leap from there to step outside the services sanctioned by the IT team and strike out alone, setting up accounts with web-based services that will help with a particular project. It is highly possible that the IT team only knows about a fraction of the cloud services in use at any one time.

The problem for the IT team is policing all the cloud services used to help keep internal systems safe. All it takes is a single malicious file, shared through a service that operates in your IT departments blind spot, to bring down a network.

When strengths become weaknesses

We shouldn’t be under any illusions about the danger of cloud-based malware. New research from Bitglass scanned tens of millions of files and found on average one in three corporate instances of SaaS apps contained malware.
Of the four major SaaS applications – OneDrive, Google Drive, Box, and Dropbox – Microsoft OneDrive had the highest rate of infection at 55%. Google Drive came in at 43%, while Dropbox and Box were at 33% each.

New research from Palo Alto Networks also found that 68% of cybersecurity professionals working in large organisations in the UK say the rush to the cloud is not taking full account of the security risks. Just 15% of UK security professionals said they were able to maintain consistent, enterprise-class cyber security across their cloud networks and endpoints, according to the research.

Taking control of the situation

Arguably the most appropriate strategy for getting ahead of the threat of cloud-based malware is to have effective endpoint solutions – i.e. to use trusted third-party solutions that will monitor laptop and desktop computers, tablets and phones.

This can be more complex than it seems. We’ve already noted that there will likely be many more cloud apps in play than the IT team is aware of, and the endpoint solution will need to keep an eye on all file uploads and downloads.

Of course, that’s on top of the burden of monitoring every piece of kit used by employees. This will need to include those provided by the organisation, sanctioned BYOD devices, and, inevitably, BYOD devices that are not sanctioned.

There also needs to be an effective backstop layer of protection that will come into play when an infection gets through so that it doesn’t spread into the organisation’s own cloud applications.

Strong protection is the only way to defend against infection. And this is becoming more and more necessary. While the immediate threat of Wannacry may have passed, the 300,000 computer systems infected around the world, including those within the NHS, speak volumes to the potential damage a similar outbreak could wreak.

This should be especially concerning given the NHS’ recent commitment to moving its systems to a cloud-based model, and reports that its systems have yet to reach a standard capable of warding off a similar attack in the future.

The threat from ransomware isn’t going away anytime soon, and that, along with industrial espionage and other exploits, needs to be paid serious attention.

Image: Shutterstock

Cloud software company Cloudistics has declared its entrance into the Europe, Middle East, and Africa (EMEA) region soon after its launch of the Accelerate channel program in the US.

Ignition Ltd, based in the UK, and Securicom IT Solutions, based in Africa, have already made distribution agreements with Cloudistics.

The Accelerate program, which is tailored to each company’s value-added resellers (VARs), Technology Alliance Partners (TAPs), and Managed Service Providers (MSPs), is now available for EMEA partners.

“This is going to radically change how businesses in EMEA approach digital transformation going forward,” said Jay Wilson, sales manager of the VAR 4way Solutions, who was enthusiastic about Cloudisitics’ EMEA expansion, noting it provides the channel with a service that can help address the adoption of technology in the face of stringent budgets.

“With Cloudistics we can offer customers the ability to repatriate workloads from public cloud with its unpredictable costs and the heavy OPEX burden and bring this home where they can enjoy all the benefits of public cloud from behind the security and control of their own firewall,” he said.

Cloudistics touts its services as “turnkey enterprise cloud that breaks the barriers of cloud adoption”, and notes that there has been an emphasis shift from cloud creation and adoption to how cloud functions as a tool to enable businesses to adopt digital transformation doctrines.

Its services are designed to mitigate unanticipated costs and difficulties associated with public cloud adoption by bringing its benefits behind a firewall, essentially transitioning it into a private cloud that is easier for enterprises to implement, deploy and operate.

It fits into the user’s datacenter without hardware-specific dependencies and comes built-in with security. Through its Integration Marketplace, it also offers virtual-machine templates so that companies can tailor applications to their own needs.

“This product brings immense value to any organisation concerned with IT’s ability to instantaneously respond to the fast changing needs of its business with simplified and rapid applications deployment,” said Najaf Husain, CEO and founder of Cloudistics.

Cloudistics looks to be building upon its successes in 2017, with the firm highlighting new customers on its books such as Microstrategy, Massanutten ski resorts and CAE online who joined Cloudistics in 2017 because the company “demonstrated a premium cloud experience where legacy solutions such as VMware fell short”.

VMware has updated its vSphere and vSAN products, introducing compatibility with multi-cloud hybrid environments.

VMware Sphere 6.7 crosses the boundaries between on-premise and public cloud environments, offering visibility and management of vSphere running on a wide range of platforms such as AWS, IBM Cloud and other VMware Cloud Provider Program partner clouds.

ESXi Single Reboot and vSphere Quick Boot will reduce the time it takes for businesses to roll out patches and upgrades, with only one reboot required to complete the process. Performance will be boosted thanks to the utilisation of persistent memory and used alongside the enhanced vCenter Server Appliance, it will provide 200% faster performance in vCenter operations per second compared to vSphere 6.5.

Trusted Platform Module (TPM) 2.0 Support and Virtual TPM 2.0 will add extra security for both the hypervisor and the guest OS.

Additions in VMware vSAN 6.7 include support for HTML5 clients and the ability to monitor and control multiple hyperconverged infrastructure environments. VMware has introduced six new dashboards for monitoring a wider range of parameters, including capacity, performance, KPIs and alerts without a separate vRealize Operations licence.

HCI support has been extended to applications such as Cassandra, Hadoop and MongoDB, making it a more suitable option for those using alternative environments for their cloud applications. Should a hardware failure occur, vSAN 6.7’s self-healing capabilities will kick in, minimising disruption.

Download now

“The continued innovation in our award-winning compute and HCI portfolio makes the hybrid cloud a reality for our customers,” said Rajiv Ramaswami, COO of Products and Cloud Services at VMware. “The rapid adoption of vSAN, coupled with longstanding vSphere leadership is a testament to the importance of a digital foundation that extends from on-premises to the public cloud.”

The US Supreme Court has decided to drop a test case between Microsoft and the Department of Justice (DoJ), leaving a serious legal question about the reach of America’s Courts in the digital world.

In a case that had started in 2013, Microsoft refused to hand over emails stored in severs at the company’s data centre in Dublin that were subject to a warrant over a criminal investigation into alleged drug trafficking.

After decisions both in favour and against each party made in various courts, the case came to the Supreme Court to decide once and for all. But the Justices decided on Monday that the case was moot because of the new CLOUD Act passed into law by Congress last month.

The Clarifying Lawful Overseas Use of Data (CLOUD) Act states that US companies are obliged to provide access to all content – whether held on a server in the US or outside the country – if they are issued with a warrant, but can reject such demands if they conflict with foreign laws, such as data protection legislation.

The DoJ immediately issued a new warrant to Microsoft in light of the law, which readily handed over the data, and both parties asked the Supreme Court to close the case, as no live dispute remained.

However, by closing the case, the Supreme Court avoided weighing in on the legal question of whether a company could refuse to comply with such a warrant due to it contradicting the local law where the data is stored.

After the Act had passed, US Senator Ron Wyden questioned the legitimacy of the bill given its rush through Congress, with the legislation attached to a huge spending bill document.

“This bill contains only toothless provisions on human rights that Trump’s cronies can meet by merely checking a box. It is legislative malpractice that Congress, without a minute of Senate debate, is rushing through the CLOUD Act on this must-pass spending bill,” he said.