Contributed by George Mack, Content Marketing Manager, Check Point Software.
A recent report has revealed that OneDrive is responsible for 30% of all cloud malware downloads, a far higher percentage than most other cloud applications. This is a dramatic increase of almost three times the amount from the previous year. This report highlights the need for greater security measures when using cloud storage applications.
Other cloud-based services that have been identified as vectors for malware downloads include SharePoint, which accounts for 7.2%, Gmail with 4%, Box with 3.6%, and Google Drive with 2.8%.
For the second year in a row, OneDrive has been the most widely used service for hosting malware. Hackers take advantage of these legitimate applications to upload and spread malware, as anyone can create an account on these sites. The associated brand recognition of Microsoft helps gain the victim’s trust to download the malware.
Thus, it is essential to scan any files originating from these sites. When a malicious file is downloaded from OneDrive, Drive, SharePoint, ShareFile, Box, or Dropbox, you need to have a security system in place that can detect and quarantine it to prevent it from spreading.
Ransomware is a particularly dangerous type of malware in this saga. Not only can it be delivered through OneDrive, but also to OneDrive, effectively targeting organizations’ data in the cloud and launching attacks on cloud infrastructure.
According to researchers, this approach involves using the built-in user-controlled versioning function to minimize the number of stored versions to one. This setting can be found in the versioning settings under list settings for each document library in OneDrive. However, setting the version limit to zero does not work for an attacker as existing versions can still be recovered by the user. If the limit is set to one, the file only needs to be encrypted twice before existing versions of the content are no longer accessible to the user. This gives the attacker the option of initiating double extortion if the file is exfiltrated prior to encryption.
With these threats in mind, what security solution can best prevent these attacks?
Check Point’s Harmony Email & Collaboration Suite provides a range of security measures to protect sensitive information and detect suspicious activity.
Data Leak Prevention and user behavior anomaly detection work together to identify compromised accounts and logins.
Content Disarm & Reconstruction (CDR) is an additional measure that helps protect end users from zero-day threats. This is accomplishing by removing any executable content from incoming files, rendering them safe for the recipient. All of this is done instantly and efficiently.
CDR is a process that works in real-time to break down files into their individual components, remove any elements that do not conform to the original file type’s specifications, and rebuild a “clean” version that can be sent to its intended destination. This process is beneficial because it removes zero-day malware and exploits, while avoiding the negative impacts on business productivity that come with sandbox detonation and quarantine delays.
Gartner, a leading research and advisory company, has declared that a Content Disarm and Reconstruction (CDR) system is an essential component of any email security solution. As cyber threats become more sophisticated, it is important for organizations to invest in a comprehensive email security solution that includes a CDR system.
Instances of malware sent through cloud services are rapidly increasing, posing a major risk for businesses. If you are not taking steps to protect these critical applications, then you are significantly heightening the chances of a major attack.
Check Point’s Harmony Email & Collaboration security solution is an invaluable tool for businesses of all sizes. It provides comprehensive protection against the latest email threats, such as phishing, malware, and ransomware. It also includes advanced analytics to detect and respond to suspicious activity. In addition, Harmony helps businesses comply with data privacy regulations, such as GDPR and HIPAA. With its advanced security features, Harmony Email & Collaboration can help businesses protect their data and ensure compliance with regulations.
If your organization needs to strengthen its security strategy, be sure to attend Check Point’s upcoming CPX 360 event. Register here.
Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter.