Cloud-Based Malware Now Delivers Ransomware

Uploaded on 2016-09-20 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Concerns over ransomware have grown considerably this year, and for good reason. A new study finds that nearly half of all cloud-based malware now delivers ransomware applications.

That is the finding of the September 2016 Netskope Cloud Report, which looks at the prevalence of ransomware and how it spreads through cloud applications within an organization. The study found that 43.7 percent of malware found in enterprises cloud apps have delivered ransomware, and that 55.9 percent of malware-infected files found in cloud apps are shared publically.

To put the threat in perspective, the report says the typical organization has 26 pieces of malware found in cloud apps. Of the 43.7 percent that deliver ransomware, those typically involve common ransomware delivery vehicles, including Javascript exploits and droppers, Microsoft Office macros and PDF exploits.

“These ransomware attacks are often initially delivered through phishing and email attacks, but within cloud environments, infected and encrypted files can quickly spread to other users through cloud app sync and share functionality in what is known as the fan-out effect,” the report warns.

The vulnerability to ransomware will only get worse, the report cautions, as organizations invest more in cloud-based applications. The study found that on average, a typical large organization now has 977 cloud-based apps in use. This is up from 935 last quarter.

Further, 94.7 percent of those apps are not considered “enterprise-ready” according to the Netskope Cloud Confidence Index scoring system. This means “they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation,” the firm noted.

Information-Management

 

« UK To Examine Phone Surveillance In Prisons
FBI: Don’t Pay Bitcoin Ransomware »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SecPoint

SecPoint

SecPoint provides products to secure & protect your network from remote and local attacks.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

National Association of Software and Services Companies (NASSCOM) - India

National Association of Software and Services Companies (NASSCOM) - India

NASSCOM is a trade association of Indian Information Technology and Business Process Outsourcing industry. Areas of activity include cyber security.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

ANIS

ANIS

ANIS represents the interests of Romanian IT companies and supports the development of the software and services industry.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Monegasque Digital Security Agency (AMSN) - Monaco

Monegasque Digital Security Agency (AMSN) - Monaco

AMSN is the national authority in charge of the security of information systems in Monaco.

Cyber Resilience

Cyber Resilience

Cyber Resilience offer an intensive program designed to help you create strategies to quickly become cyber resilient and to manage cyber risks in a measurable and predictable way.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.