One might think that the cloud is more secure than on-premise servers because of its data durability and more consistent patch management. Despite this inherent security, there are several threats to cloud security that businesses need to address from time to time. One such threat is cloud-based malware. Malware delivered over the cloud increased by 68% in early 2021, which made a variety of cyber attacks possible.
Businesses are often under the impression that their cloud provider or vendor is responsible for handling any issues related to cloud-based malware. To some extent, this is true: cloud providers protect the cloud infrastructure in several areas. Under the “shared responsibility model”, however, the business is also responsible for taking care of threats. This applies to malware attacks as well: it is the business’ responsibility to have a plan ready to deal with such attacks when they come along.
In this blog, I briefly discuss how businesses can protect themselves against malware attacks on the cloud, but first and foremost, it is important to know how malware enters the cloud environment in the first place.
One of the most common ways malware can enter the cloud ecosystem is through a malware injection attack, in which a hacker attempts to send malicious code, services or even virtual machines to the cloud system. Some of the most common malware injection attacks are SQL injection attacks, where SQL servers in the cloud are attacked, and cross-site scripting attacks, which execute bad scripts in victims' web browsers. Along with malware injection attacks, malware also gets to the cloud through file uploads, and in 2021 malware delivered through cloud storage apps such as Microsoft OneDrive, Google Drive and Box accounted for 69% of all cloud malware downloads.
So, how can businesses protect themselves better against malware threats? Here are some ways:
1. Patching cloud security holes
Hackers can use several weak points to get into cloud environments and once they gain access to the cloud, they are able to drop cloud-based malware such as cryptominers and ransomware into it. Patching existing holes in your cloud security system should be considered the first line of defence against cloud-based malware.
As part of best practices, a strong identity and access management (IAM) policy is essential. It is estimated that IAM misconfigurations can lead to up to 65% of detected cloud data breaches. It is also important for businesses to properly configure public APIs and to set up cloud storage correctly. The right cloud storage setup is especially important when the cloud is consumed as infrastructure-as-a-service, because if the storage isn't set up correctly, companies risk a data breach due to misconfiguration.
2. Securing endpoints to detect malware before its entry into the cloud
Endpoint detection and response is a great “second line of defence” against cloud-based malware. At any given point, it is important for a business to know about all of its endpoints and whether they are infected, because if infected endpoints go undetected there is a chance they will sync to cloud storage, where they can infect other files.
There are some features of endpoint detection that businesses can look into. Endpoint detection and response constantly monitors endpoints and can create a set of data that can be analysed to identify any indicators of compromise. It also prevents lateral movement of an attack by allowing isolation of the device, the network or a process on the device. Furthermore, endpoint detection and response can map changes related to malware, remove any infection and return endpoints to a normal state.
As the threats to cybersecurity increase in number and intensity, it is becoming more and more important for organisations to invest in the best protective measures, and this also means great cybersecurity talent. Savant has a Cloud practice with a wide network of cloud security experts. We can support you with the best talent in the industry that can be technically vetted through our partnerships with experts and market-leading onboarding advice and consultation. To know more about how we can assist you, please reach out to us at technology@savantrecruitment.com