Bitglass, a Cloud-Access Security Broker (CASB) company, released a new report in which it revealed that a large number of files hosted on popular cloud hosting services are infected with malware that isn’t detected by built-in antivirus protections. The company also uncovered a new ransomware variant called ShurL0ckr that was able to bypass Google and Microsoft’s own cloud antivirus protections.
Bitglass and its antivirus technology partner Cylance identified a new variant of the Gojdue ransomware called ShurL0ckr. Although Microsoft’s antivirus can detect Gojdue, according to Bitglass, neither Office 365’s built-in anti-malware protection nor Google Drive’s own built-in antivirus were able to detect the ShurL0ckr variant.
Only five of the 67 antivirus engines leveraged by VirusTotal were able to detect ShurL0ckr, with Cylance’s own antivirus being one of them.
Malware “Pervasive” In The Cloud
The Bitglass team also scanned tens of millions of cloud-hosted files and discovered a high-rate of infection in cloud applications, as well as a low-efficacy rate in detecting infected malware even from the cloud services that come with built-in antivirus protection.
According to the research team, 44% of the cloud services companies had some form of malware in at least one of their applications. The company found that Microsoft’s OneDrive saw the highest number of infected files (55%), with Google Drive following it closely at 43%. A third of Dropbox and Box-hosted files were found to be infected, too.
Bitglass also identified the top file categories by infection rate. Perhaps unsurprisingly, the most common by far are scripts and executables (42%), which can launch malicious applications with a single click. Microsoft Office files was the second most common type of infected files (21%), because enterprise users tend to open them without hesitation.
Mike Schuricht, VP of Product Management at Bitglass, said:
Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism. Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks
Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers