Cloud-Based Malware Now Delivers Ransomware

Concerns over ransomware have grown considerably this year, and for good reason. A new study finds that nearly half of all cloud-based malware now delivers ransomware applications.

That is the finding of the September 2016 Netskope Cloud Report, which looks at the prevalence of ransomware and how it spreads through cloud applications within an organization. The study found that 43.7 percent of malware found in enterprises cloud apps have delivered ransomware, and that 55.9 percent of malware-infected files found in cloud apps are shared publically.

To put the threat in perspective, the report says the typical organization has 26 pieces of malware found in cloud apps. Of the 43.7 percent that deliver ransomware, those typically involve common ransomware delivery vehicles, including Javascript exploits and droppers, Microsoft Office macros and PDF exploits.

“These ransomware attacks are often initially delivered through phishing and email attacks, but within cloud environments, infected and encrypted files can quickly spread to other users through cloud app sync and share functionality in what is known as the fan-out effect,” the report warns.

The vulnerability to ransomware will only get worse, the report cautions, as organizations invest more in cloud-based applications. The study found that on average, a typical large organization now has 977 cloud-based apps in use. This is up from 935 last quarter.

Further, 94.7 percent of those apps are not considered “enterprise-ready” according to the Netskope Cloud Confidence Index scoring system. This means “they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation,” the firm noted.

Information-Management

 

« UK To Examine Phone Surveillance In Prisons
FBI: Don’t Pay Bitcoin Ransomware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

Sqreen

Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users from attacks.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

CYR3CON

CYR3CON

Harness the power of artificial intelligence with CYR3CON's unique, hacker-centric approach to predicting and preventing cyber attacks.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.