
January 30, 2023

Do you use OneDrive or Google Drive? Beware of this malware

A recent report found that OneDrive is responsible for 30% of all cloud malware downloads, a much higher share than most other cloud applications, and nearly three times the share recorded the previous year. This report highlights the need for better security measures when using cloud storage applications.

Other cloud-based services identified as vectors for malware downloads are SharePoint, which accounts for 7.2%, Gmail with 4%, Box with 3.6% and Google Drive with 2.8%.

For the second year in a row, OneDrive is the most used service for hosting malware. Hackers use these legitimate applications to upload and spread malware because anyone can create an account on these sites. Microsoft’s accompanying brand recognition helps gain the victim’s confidence to download the malware.

So it is essential to scan all files coming from these sites. When a malicious file is downloaded from OneDrive, Drive, SharePoint, ShareFile, Box or Dropbox, you must have a security system that can detect and quarantine the file to prevent its spread.

Ransomware is a particularly dangerous type of malware. It can be delivered not only through OneDrive, but also to OneDrive, effectively targeting organizations’ data in the cloud and launching attacks on the cloud infrastructure.

According to researchers, this attack abuses the built-in, user-controlled versioning feature to reduce the number of stored versions to one. This setting can be found in the versioning settings under list settings for each document library in OneDrive. Setting the version limit to zero does not help an attacker, because existing versions can still be restored by the user. If the limit is set to one, the file only needs to be encrypted twice before existing versions of the content are no longer accessible to the user. This allows the attacker to initiate double extortion if the file is exfiltrated prior to encryption.
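The following model, added here as an example and not code from the article, Microsoft or Check Point, makes the reasoning above concrete from the defender's side: it models only what the article states (the limit caps how many prior versions a library keeps and is enforced when a new version is written; a limit of 0 stops new versions but leaves already-stored versions restorable; a limit of 1 means two overwrites leave no clean copy), and adds a policy check that flags libraries whose limit is low. Real OneDrive/SharePoint versioning has more rules than this; the library names, contents and the policy threshold are constructed.

```python
"""Simplified model of how a document library's version limit decides whether a
clean copy survives repeated overwrites (added example, not vendor code).
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class DocumentLibrary:
    name: str
    version_limit: int                   # prior versions kept; 0 = versioning off
    current: Optional[str] = None        # the live copy of the file
    history: List[str] = field(default_factory=list)  # prior versions, oldest first

    def write(self, content: str) -> None:
        """Overwrite the file the way a normal edit (or ransomware) would."""
        if self.version_limit > 0 and self.current is not None:
            # A new version is created: the old live copy moves into history and
            # history is trimmed to the configured number of prior versions.
            self.history.append(self.current)
            self.history = self.history[-self.version_limit:]
        # With versioning off (limit 0) nothing is trimmed and no version is
        # recorded: the live copy is replaced, prior versions survive (as the
        # article notes, this is why limit 0 gains an attacker nothing).
        self.current = content

    def restorable(self, predicate: Callable[[str], bool]) -> List[str]:
        """Every stored copy (history plus the live copy) satisfying predicate."""
        copies = self.history + ([self.current] if self.current is not None else [])
        return [v for v in copies if predicate(v)]


def is_clean(content: str) -> bool:
    # Constructed convention: clean content is tagged "clean:", encrypted "encrypted:".
    return content.startswith("clean:")


def clean_copies_after(limit_set_by_attacker: int, overwrites: int) -> int:
    """Scenario: a user made two edits under a generous limit, the limit is then
    lowered, and the file is overwritten `overwrites` times. Returns how many
    clean copies the user could still restore."""
    lib = DocumentLibrary("Finance", version_limit=500)   # constructed library
    lib.write("clean:v1")
    lib.write("clean:v2")
    lib.version_limit = limit_set_by_attacker
    for i in range(overwrites):
        lib.write(f"encrypted:{i}")
    return len(lib.restorable(is_clean))


def audit_version_limits(limits: Dict[str, int], minimum: int) -> List[str]:
    """Names of libraries whose limit is below the policy minimum. Limit 0 is
    included because versioning off creates no new recovery points either.
    `minimum` is a constructed policy value, not a Microsoft default."""
    return sorted(name for name, limit in limits.items() if limit < minimum)


if __name__ == "__main__":
    print("limit 1, encrypted twice ->", clean_copies_after(1, 2), "clean copies")
    print("limit 0, encrypted twice ->", clean_copies_after(0, 2), "clean copies")
    print("flagged:", audit_version_limits({"Finance": 1, "HR": 500, "Legal": 0}, 100))
```

A change of a library's version limit to a small value, followed by a burst of edits, is the sequence worth alerting on; the audit function is the static half of that, the simulation shows why the threshold matters.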

With these threats in mind, what security solution can best prevent these attacks?

Data leak prevention and detection of anomalies in user behavior work together to identify compromised accounts and logins.

Content Disarm & Reconstruction (CDR) is an additional measure that helps protect end users from zero-day threats. This is accomplished by removing all executable content from incoming files, making them safe for the recipient. All of this is done immediately and efficiently.

CDR is a process that works in real time to split files into their individual components, remove elements that do not meet the specifications of the original file type, and rebuild a “clean” version that can be sent to the intended destination. This process is beneficial because it removes zero-day malware and exploits, while avoiding the negative impacts on business productivity associated with sandbox detonation and quarantine delays.
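A miniature version of that process, added here as an example and not Check Point's or any vendor's CDR engine: it splits an OOXML-style (.docx-like) zip container into its parts, drops every part that is not on the allow-list for a plain, macro-free document (here a VBA project and an embedded executable), prunes the part manifest so the rebuilt file does not reference parts that no longer exist, and writes a clean container. The sample document, its part names and the allow-list are constructed; real OOXML validation covers far more than this.

```python
"""Toy Content Disarm & Reconstruction pass over an OOXML-style container
(added example, not vendor code)."""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Set, Tuple

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"

# Parts a plain word-processing document is allowed to contain (constructed
# allow-list). Anything else, such as vbaProject.bin or embedded binaries, is dropped.
ALLOWED_PARTS = {
    "[Content_Types].xml",
    "_rels/.rels",
    "word/document.xml",
    "word/_rels/document.xml.rels",
    "word/styles.xml",
}


def build_sample_document() -> bytes:
    """Constructed input: a minimal docx-like zip with a macro part and an
    embedded executable smuggled in beside the legitimate parts."""
    content_types = (
        f'<Types xmlns="{CT_NS}">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '<Override PartName="/word/document.xml" ContentType="application/xml"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("_rels/.rels", "<Relationships/>")
        zf.writestr("word/document.xml", "<document><body><p>Invoice Q1</p></body></document>")
        zf.writestr("word/vbaProject.bin", b"\x00CONSTRUCTED-MACRO-BLOB\x00")
        zf.writestr("word/embeddings/payload.exe", b"MZ\x90\x00CONSTRUCTED-NOT-A-REAL-BINARY")
    return buf.getvalue()


def prune_content_types(xml_bytes: bytes, kept_parts: Set[str]) -> bytes:
    """Drop manifest entries (Override by part name, Default by extension) that
    only described parts which have been removed."""
    root = ET.fromstring(xml_bytes)
    kept_exts = {p.rsplit(".", 1)[-1] for p in kept_parts if "." in p}
    for el in list(root):
        tag = el.tag.split("}")[-1]
        if tag == "Override" and el.get("PartName", "").lstrip("/") not in kept_parts:
            root.remove(el)
        elif tag == "Default" and el.get("Extension") not in kept_exts:
            root.remove(el)
    ET.register_namespace("", CT_NS)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def disarm(document: bytes) -> Tuple[bytes, List[str]]:
    """Rebuild the container keeping only allow-listed parts.
    Returns (clean_bytes, names_of_removed_parts)."""
    removed: List[str] = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(document)) as src, zipfile.ZipFile(out, "w") as dst:
        kept = {n for n in src.namelist() if n in ALLOWED_PARTS}
        for name in src.namelist():
            if name not in kept:
                removed.append(name)      # not part of the file type's spec: dropped
                continue
            data = src.read(name)
            if name == "[Content_Types].xml":
                data = prune_content_types(data, kept)
            dst.writestr(name, data)
    return out.getvalue(), removed


def list_parts(document: bytes) -> List[str]:
    with zipfile.ZipFile(io.BytesIO(document)) as zf:
        return zf.namelist()


def read_part(document: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(document)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    clean, removed = disarm(build_sample_document())
    print("removed:", removed)
    print("remaining parts:", list_parts(clean))
```

The design point is that the output is rebuilt from an allow-list rather than cleaned by a deny-list: an unknown part is dropped by default, which is what lets the approach hold up against payload formats that no signature has seen yet.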

Gartner, a leading research and advisory firm, has stated that a Content Disarm and Reconstruction (CDR) system is an essential component of any e-mail security solution. As cyber threats become more sophisticated, it is important for organizations to invest in a comprehensive email security solution with a CDR system.

Cases of malware transmitted through cloud services are increasing rapidly and pose a major risk to businesses. If you do not take steps to protect these critical applications, you significantly increase the chances of a major attack.

Source: Check Point
