Cloud-Based Malware Now Delivers Ransomware

Concerns over ransomware have grown considerably this year, and for good reason. A new study finds that nearly half of all cloud-based malware now delivers ransomware applications.

That is the finding of the September 2016 Netskope Cloud Report, which looks at the prevalence of ransomware and how it spreads through cloud applications within an organization. The study found that 43.7 percent of malware found in enterprises cloud apps have delivered ransomware, and that 55.9 percent of malware-infected files found in cloud apps are shared publically.

To put the threat in perspective, the report says the typical organization has 26 pieces of malware found in cloud apps. Of the 43.7 percent that deliver ransomware, those typically involve common ransomware delivery vehicles, including Javascript exploits and droppers, Microsoft Office macros and PDF exploits.

“These ransomware attacks are often initially delivered through phishing and email attacks, but within cloud environments, infected and encrypted files can quickly spread to other users through cloud app sync and share functionality in what is known as the fan-out effect,” the report warns.

The vulnerability to ransomware will only get worse, the report cautions, as organizations invest more in cloud-based applications. The study found that on average, a typical large organization now has 977 cloud-based apps in use. This is up from 935 last quarter.

Further, 94.7 percent of those apps are not considered “enterprise-ready” according to the Netskope Cloud Confidence Index scoring system. This means “they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation,” the firm noted.

Information-Management

 

« UK To Examine Phone Surveillance In Prisons
FBI: Don’t Pay Bitcoin Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Cloud Industry Forum (CIF)

Cloud Industry Forum (CIF)

Cloud Industry Forum is a non-profit industry body that champions and advocates the adoption and use of Cloud-based services by businesses and individuals.

Spirion

Spirion

Spirion offers data discovery, classification, and protection tools for your business's privacy, security, and compliance program to avoid gaps and risks.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

Engineering Ingegneria Informatica

Engineering Ingegneria Informatica

Ingegneria Informatica is a leading Italian provider of Information Technology consulting, services and solutions including cyber security.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

Odyssey

Odyssey

Odyssey is an ISO 27001 certified, Cyber -Security, Infrastructure and Risk Management Solutions integrator and a Managed Security Services Provider.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

Tactic Labs

Tactic Labs

Tactic Labs (part of the Avnon Group) delivers a holistic Cyber-Security Management Platform which provides military-grade protection, safeguarding critical infrastructures and mission-critical data.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.