The adoption of cloud applications (apps) and services is accelerating unabated as organizations increasingly look to take advantage of the business, collaboration and productivity benefits these apps provide. The flip side, however, is that the cloud is increasingly home to high-value confidential corporate and personal data, making cloud apps prime targets of cybercriminals.
Exploitation and malware distribution attacks in the cloud, in particular, should be treated as an arms race between cloud security firms and cybercriminals. As cybercriminals find design weaknesses in cloud apps and identify exploitable cloud user behaviors, cloud security vendors need to step in to fill the security gaps that cloud app vendors cannot.
Malware distribution mechanisms have become more advanced as attackers have begun using cloud storage services, such as Google Drive and Dropbox, to distribute malware. Recent examples include Petya ransomware distributed via Dropbox and Cerber ransomware distributed via Office 365. Attackers are deploying advanced malware-hosting techniques, such as obfuscation, camouflaging and metamorphism, to hide the malicious content in cloud-hosted files, and then distributing those files to a large number of Internet users as part of drive-by download attacks.
Malware distribution is not the only threat. Cloud apps are also susceptible to targeted phishing attacks, sensitive data exposure, account hijacking and other exploits. By leveraging new security approaches, such as massively scalable cloud-based architectures and sophisticated data science and machine learning technologies, cloud security vendors, and the enterprises they seek to protect, can get a leg up on the “bad guys.” Some countermeasures and proactive steps include:
- Leverage user behavior analytics (UBA), powered by data science and machine learning, to detect anomalies in cloud network traffic and unearth potential threats. The idea is to build a profile of each user’s normal usage of and interaction with cloud apps and analyze deviations from it.
- Perform continuous monitoring of sensitive content being uploaded and shared via cloud apps, and enforce policies that govern the sharing of sensitive or compliance-related data so that it conforms with enterprise policy. As enterprises gain visibility into both cloud app and non-cloud app channels, malware attacks can be subverted or their impact reduced.
- Scan files sitting in enterprise cloud apps, via their application programming interfaces (APIs), with an advanced malware analysis engine to ensure that files do not carry any unauthorized code for distribution.
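The first two countermeasures above, a per-user behavioral baseline and a sharing policy check, can be illustrated with a small detector over cloud-app audit events. The following is an added example written for this post, not code from the ISACA Journal article or any vendor product. The audit trail, the tenant domain `corp.example`, the recipient domain `mail.example.net`, the `Event` fields and the robust z-score threshold are all constructed assumptions; a real deployment would read events from the cloud app’s audit API and tune the threshold against its own history.

```python
"""Toy user behavior analytics (UBA) over constructed cloud-app audit events.

Builds a per-user daily baseline (median/MAD) for upload and download volume,
flags the evaluation day when activity deviates strongly from that baseline,
and separately flags shares whose recipient is outside the enterprise domain.
All data and parameters here are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

ENTERPRISE_DOMAINS = {"corp.example"}  # assumed tenant domain (constructed)
THRESHOLD = 6.0                        # robust z cutoff; an assumed tuning value


@dataclass(frozen=True)
class Event:
    day: int       # day index of the event (constructed, 1-based)
    user: str
    action: str    # "upload", "download" or "share"
    size: int      # bytes moved; 0 for share events
    target: str    # recipient domain for share events, "" otherwise


def build_sample_events():
    """Constructed audit trail: seven baseline days, then day 8 to evaluate."""
    events = []
    for day in range(1, 8):
        events += [Event(day, "alice", "upload", 1_000_000, "")] * 3
        events.append(Event(day, "alice", "share", 0, "corp.example"))
        events += [Event(day, "bob", "download", 500_000, "")] * 5
    # Day 8: alice behaves as usual on uploads, but bulk-downloads and shares
    # a file with an external domain; bob is unchanged.
    events += [Event(8, "alice", "upload", 1_000_000, "")] * 3
    events += [Event(8, "alice", "download", 2_000_000, "")] * 60
    events.append(Event(8, "alice", "share", 0, "mail.example.net"))
    events += [Event(8, "bob", "download", 500_000, "")] * 5
    return events


def daily_metrics(events):
    """Aggregate per (user, day): event count and bytes for each action."""
    metrics = defaultdict(lambda: defaultdict(int))
    for e in events:
        metrics[(e.user, e.day)][f"{e.action}_count"] += 1
        metrics[(e.user, e.day)][f"{e.action}_bytes"] += e.size
    return metrics


def robust_z(value, history):
    """Median/MAD z-score. The scale floor (10% of the median, at least 1)
    keeps a perfectly flat baseline from dividing by zero and from flagging
    trivial byte-level jitter; the 10% figure is a heuristic, not a standard."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    scale = max(mad, 0.1 * abs(med), 1.0)
    return (value - med) / scale


def detect_anomalies(events, eval_day, threshold=THRESHOLD):
    """Return {user: [finding, ...]} for the evaluation day."""
    metrics = daily_metrics(events)
    users = {e.user for e in events}
    baseline_days = sorted({e.day for e in events if e.day < eval_day})
    metric_names = ("upload_count", "download_count", "upload_bytes", "download_bytes")
    findings = defaultdict(list)

    # Behavioral baseline: a day with no activity counts as zero, so a user who
    # never downloaded before stands out sharply when they suddenly do.
    for user in sorted(users):
        today = metrics.get((user, eval_day), {})
        for name in metric_names:
            history = [metrics.get((user, d), {}).get(name, 0) for d in baseline_days]
            z = robust_z(today.get(name, 0), history)
            if z > threshold:
                findings[user].append(f"{name} deviates from baseline (robust z={z:.1f})")

    # Sharing policy: any share on the evaluation day to a non-enterprise domain.
    for e in events:
        if e.day == eval_day and e.action == "share" and e.target not in ENTERPRISE_DOMAINS:
            findings[e.user].append(f"share to external domain {e.target}")
    return dict(findings)


if __name__ == "__main__":
    for user, items in detect_anomalies(build_sample_events(), 8).items():
        for item in items:
            print(f"{user}: {item}")
```

Running the module reports alice for the download spike and the external share while bob, whose day 8 matches his history, produces nothing. The median/MAD baseline is used instead of mean/standard deviation because a single prior burst would otherwise inflate the standard deviation and mask later anomalies; the same structure extends to other signals (new client IPs, unusual hours, failed logins) by adding metric names.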
Read Aditya K Sood and Rehan Jalil’s recent Journal article:
“Cloudifying Threats—Understanding Cloud App Attacks and Defenses,” ISACA Journal, volume 1, 2018.