Bitglass, a Cloud-Access Security Broker (CASB) company, released a new report in which it revealed that a large number of files hosted on popular cloud hosting services are infected with malware that isn’t detected by built-in antivirus protections. The company also uncovered a new ransomware variant called ShurL0ckr that was able to bypass Google and Microsoft’s own cloud antivirus protections.
Bitglass and its antivirus technology partner Cylance identified a new variant of the Gojdue ransomware called ShurL0ckr. Although Microsoft’s antivirus can detect Gojdue, according to Bitglass, neither Office 365’s built-in anti-malware protection nor Google Drive’s own built-in antivirus was able to detect the ShurL0ckr variant.
Only five of the 67 antivirus engines leveraged by VirusTotal were able to detect ShurL0ckr, with Cylance’s own antivirus being one of them.
Malware “Pervasive” In The Cloud
The Bitglass team also scanned tens of millions of cloud-hosted files and discovered a high rate of infection in cloud applications, as well as a low efficacy rate in detecting malware, even among the cloud services that come with built-in antivirus protection.
According to the research team, 44% of the cloud services companies had some form of malware in at least one of their applications. The company found that Microsoft’s OneDrive saw the highest number of infected files (55%), with Google Drive following it closely at 43%. A third of Dropbox and Box-hosted files were found to be infected, too.
Bitglass also identified the top file categories by infection rate. Perhaps unsurprisingly, the most common by far are scripts and executables (42%), which can launch malicious applications with a single click. Microsoft Office files were the second most common type of infected file (21%), because enterprise users tend to open them without hesitation.
Mike Schuricht, VP of Product Management at Bitglass, said:
Malware will always be a threat to the enterprise and cloud applications are an increasingly attractive distribution mechanism. Most cloud providers do not provide any malware protection and those that do struggle to detect zero-day threats. Only an AI-based solution that evolves to detect new malware and ransomware can keep cloud data secure.