By Davit Asatryan, Product Manager, Spin Technology
Cloud technology and services continue to gain popularity because they allow businesses to cut costs, improve an outdated IT infrastructure, and stay current with the competition. However, security isn’t always top of mind when adding new services. The dramatic increase in connected devices and the web of hardware and software used to connect to the internet and cloud means organizational data is more vulnerable than ever to attack. Without proper security controls to protect employees using these cloud services, organizations can easily fall victim to ransomware.
Ransomware works by infiltrating a user’s PC or mobile device via malicious software that is usually installed unintentionally after the user clicks a link in an email disguised as something else. Once installed, the software uses cryptography to prevent users from accessing their files and demands a sum of money to decrypt the data. Until recently, ransomware was mostly an issue on local computers or mobile devices. However, the most recent wave of ransomware attacks is infiltrating cloud apps. This introduces a new and more serious threat for modern businesses, especially those that rushed to the cloud to enable remote workers without taking proper security precautions.
Types of Ransomware
A large percentage of malware is known to deliver ransomware, and more than half of malware-infected files are shared publicly. The most common types of cloud malware include JavaScript exploits and droppers, Microsoft Office macros, PDF exploits, Linux malware, and backdoors. If a hacker successfully gains access to a cloud service provider, they can essentially launch a ransomware attack that can affect every customer.
Ransomware called Cerber targets Office 365 users via malicious macros in Office documents attached to spam emails. While Office 365 automatically disables macros to prevent malware from entering the system, Cerber uses social engineering to trick the user into bypassing this security feature. While many cloud services offer the option to recover a previous version of files, this does not mean that they are safe from ransomware. If the user has the opportunity to delete these previous versions, so does the malware. The cloud can also spread malware to other users through the sharing of infected files and automatic syncing. For example, Virlock ransomware specifically targets cloud storage and collaboration platforms, allowing it to replicate rapidly through the whole network from a single infected user.
Cloud applications, including file sharing, collaboration, and social networks, are becoming one of the most common ways of spreading malware. One out of every ten companies has malware in their cloud storage facility. It is therefore vital that any company using the cloud for storage or collaboration invests in automated daily backup and daily auditing of cloud apps to detect and recover from malware attacks. However, these examples do not mean that using the cloud for backup and collaboration is riskier than keeping all software in-house. Most small to medium businesses do not have the resources to ensure state-of-the-art security for their data. In this case, relying on the more sophisticated security measures of enterprise cloud providers is economical and provides enhanced data security.
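The daily cloud-app auditing recommended above can look for the two behaviours this section describes: one account rapidly rewriting many synced files, and previous versions being deleted right after a file is rewritten. The Python below is an added example, not code from the original article or from any vendor's product; the event schema, action names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; the (time, user, action, file) schema is hypothetical.
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "edit", "budget.xlsx"),
    ("2024-05-01T11:30:00", "alice", "edit", "notes.docx"),
    ("2024-05-01T14:00:00", "bob", "rename", "a.docx"),
    ("2024-05-01T14:00:20", "bob", "edit", "b.xlsx"),
    ("2024-05-01T14:00:40", "bob", "rename", "c.pdf"),
    ("2024-05-01T14:01:00", "bob", "edit", "d.pptx"),
    ("2024-05-01T14:01:10", "bob", "delete_version", "a.docx"),
    ("2024-05-01T14:01:30", "bob", "edit", "e.docx"),
    ("2024-05-01T16:00:00", "carol", "delete_version", "old-draft.docx"),
]

WRITE_ACTIONS = {"edit", "rename"}  # assumed action names


def flag_users(events, window=timedelta(minutes=5), burst=5):
    """Return {user: set of reasons} for accounts whose activity looks like
    ransomware rewriting synced files and removing their version history."""
    recent = defaultdict(deque)  # user -> (time, file) writes inside the window
    flags = defaultdict(set)
    for stamp, user, action, name in sorted(events):  # ISO timestamps sort by time
        now = datetime.fromisoformat(stamp)
        writes = recent[user]
        while writes and now - writes[0][0] > window:
            writes.popleft()  # drop writes that fell out of the window
        if action in WRITE_ACTIONS:
            writes.append((now, name))
            # Count distinct files so repeated saves of one document do not trip it.
            if len({f for _, f in writes}) >= burst:
                flags[user].add("write_burst")
        elif action == "delete_version" and any(f == name for _, f in writes):
            # Prior versions removed right after the same file was rewritten:
            # the recovery path is being destroyed along with the data.
            flags[user].add("version_purge_after_write")
    return dict(flags)


if __name__ == "__main__":
    for user, reasons in flag_users(EVENTS).items():
        print(user, sorted(reasons))
```

A flagged account is a candidate for suspending sync and restoring from backup; an isolated version deletion with no preceding rewrite, like the last sample event, is not flagged.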
Reducing the Risk and Impact of Ransomware in the Cloud
The best way to protect yourself from vulnerabilities is to ensure that software is always kept up to date and patched for urgent security updates. Many businesses struggle with ensuring patches are current and installed on every machine within the organization. Hence, a system for deploying updates in a timely fashion is essential for network integrity. Mobile code such as Java and Flash can make calls to a website to download malicious software. Removing them from your browser will increase security and make ransomware attacks less likely. It is also essential to provide thorough security training for staff and educate them on how malware can infect files. This alone can reduce the risk of ransomware that is installed due to a user clicking a link in a phishing email, for example.
Each organization should carefully develop its IT security policies, making sure to account for working in the cloud. For example, restricting the use of cloud applications to enterprise-level software will significantly reduce the risk of malware attacks due to their superior security controls. Cloud-based antivirus software, network monitoring, and threat detection, including the ability to block suspicious activity, are another effective way to create a more secure computing environment when there are a lot of users on the network. Regular backups with efficient recovery capability are the best way to recover from a ransomware attack. They allow an earlier, unencrypted version of the data to be restored, thereby nullifying the effect of the ransomware.
Most cloud service providers have secure backups (this should be an essential requirement when looking for a cloud provider). However, if they do not have an efficient recovery procedure in place, it may take days or weeks to restore files to their original unencrypted state, which can cost affected organizations substantially in terms of lost business hours. It’s also essential that cloud service providers use sophisticated and up-to-date anti-malware on their servers to detect infected files.
Encryption is Key
In many cloud applications such as Google Apps, Office 365, and Salesforce, data is created in the cloud and copied to the backup provider. Cloud backup providers have their own security in place to ensure the safety of the physical servers, but data may be vulnerable while it is in transit. Any communication of data between the client and the cloud provider must be encrypted. Not all encryption algorithms are equal, and it’s important to make sure the provider you use is utilizing industry-standard encryption protocols.
Cloud data services should use only TLSv1.1 or higher. Additionally, they should own a security certificate that has been confirmed by a well-known and trusted certification authority. Data should be encrypted both while in transit and once it reaches the servers of the cloud provider and remains in storage. Storing the data in encrypted format means that if an unauthorized person manages to achieve physical or electronic access to these backup servers, the actual data will still be inaccessible.
A Multi-Faceted Defense
Businesses are becoming increasingly high-tech and connected. As their needs and demands grow, so too will the digital security industry to meet these needs. The security needs of digital businesses include more sophisticated security policies and management, advanced monitoring, detection, and auto-response systems, and more secure access control. The challenge is providing all these things in an environment that is growing and has diverse needs. Businesses need to remain vigilant and continuously alert to the potential of cloud ransomware attacks, especially in a national climate where employees are working off-site and using unprotected personal devices to access company cloud files.
About the Author
Davit Asatryan is a Product Manager who has been working with Spin Technology since 2018. He is a Cloud Security & Backup specialist focused on protecting G Suite & Office 365 data. Davit can be reached online at ([email protected]) and at our company website www.spin.ai.