Report: New Hybrid Security Threats on the Rise
Fresh off the heels of last week’s announcement that it raised an investment of $100 million, security startup Netskope today released its latest cloud report data highlighting a new kind of security threat.
![Report: New Hybrid Security Threats on the Rise](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltedf7a3345a73192d/65245fd4bbb338eaf0cc7ef4/Screen_Shot_2017-06-13_at_2.21.39_PM_0.png?width=700&auto=webp&quality=80&disable=upscale)
1. Malware infects user device via phishing email, compromised website, cloud service with infected file, etc.
2. Once malware is downloaded, it calls out to various services such as websites, cloud storage services, or even IaaS servers to download fragments of malicious code.
3. Malicious fragments are downloaded onto device with security solutions seeing these downloads as innocuous as they haven’t been pieced together yet.
4. Initial malware decrypts and compiles the downloaded fragments to start an attack or whatever functions the malicious code is supposed to perform.
When hybrid threats involve both cloud and web, security solutions can have a difficult time detecting them. A given security solution needs to scan the entirety of a file before coming to conclusions about it. Some may detect the web component while others only the cloud part. But without full context across the kill chain, it’s difficult to identify and remediate this kind of threat. Oftentimes, when a security solution detects only one portion of these fragmented threats and attacks, the actions are recognized as being innocuous (there’s no reason to identify a call to an AWS server as malicious) when it’s actually the setup for compromising a user.
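The cross-channel correlation this paragraph argues for, as an added example (not Netskope's code and not taken from the report): downloads are grouped per host and process, and an alert fires only when one non-allowlisted process pulls from several service channels inside a short window. The event fields, channel labels, thresholds and allowlist are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the report): time, host, process, channel, destination.
EVENTS = [
    ("2017-06-13T09:00:05", "wks-01", "invoice_viewer.exe", "web", "cdn.example.net"),
    ("2017-06-13T09:01:40", "wks-01", "invoice_viewer.exe", "cloud_storage", "files.example-share.com"),
    ("2017-06-13T09:03:10", "wks-01", "invoice_viewer.exe", "iaas", "vm-17.example-iaas.net"),
    ("2017-06-13T09:02:00", "wks-02", "chrome.exe", "web", "news.example.org"),
    ("2017-06-13T09:04:00", "wks-02", "chrome.exe", "cloud_storage", "files.example-share.com"),
    ("2017-06-13T09:05:00", "wks-02", "chrome.exe", "web", "ads.example.org"),
    ("2017-06-13T08:00:00", "wks-03", "report_tool.exe", "cloud_storage", "files.example-share.com"),
    ("2017-06-13T11:30:00", "wks-03", "report_tool.exe", "iaas", "vm-17.example-iaas.net"),
]

# Assumption: browsers and sync clients routinely mix web and cloud traffic, so they are excluded.
ALLOWLIST = {"chrome.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window


def correlate(events, window=WINDOW, min_channels=2, min_fetches=3):
    """Alert on (host, process) pairs whose downloads span several channels in one window."""
    by_actor = defaultdict(list)
    for ts, host, proc, channel, dest in events:
        if proc not in ALLOWLIST:
            by_actor[(host, proc)].append((datetime.fromisoformat(ts), channel, dest))
    alerts = []
    for (host, proc), rows in by_actor.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            channels = {channel for _, channel, _ in span}
            if len(span) >= min_fetches and len(channels) >= min_channels:
                alerts.append({"host": host, "process": proc,
                               "channels": sorted(channels),
                               "destinations": [dest for _, _, dest in span]})
                break  # one alert per actor is enough
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Running the same function on one channel's events at a time (with `min_channels=1`) returns nothing for this data, which is the single-sensor blind spot described above.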
This quarter, the Netskope Threat Research Labs found that adware surged to first place with 31.7 percent of all detections. Backdoors dropped to second in detections with 16.9 percent. The rest of the breakdown is as follows:
- Mobile malware: 15.3 percent
- Generic detections: 15.0 percent
- Mac malware: 11.0 percent
- The common ransomware delivery vehicles totaled 9.8 percent, consisting of:
  - Microsoft Office macros: 4.3 percent
  - JavaScript: 2.4 percent
  - PDF exploits: 1.3 percent
  - Flash exploits: 0.3 percent
The Netskope Threat Research Labs found that the initial malware infection can be accomplished by a variety of methods, including being downloaded directly from a cloud storage service link shared by others. This is a prime example of the “fan-out” effect, where synced folders can propagate malware-infected files to all users that the file is shared with.
Another way a user can get the initial malware that initiates the fragmented attack is by visiting compromised websites. These websites may be legitimate websites that have been compromised by malicious ads or iframes. As the cloud and web blend together, expect to see more of this. Since they use APIs to pull together content from various other sites and cloud services to deliver ads and content, websites are increasingly dynamic and look more like cloud services.
The data show that as the lines between web and cloud services continue to converge, security threats have evolved to span across these domains. IT administrators now face so-called ‘blended threats,’ in which malware uses a hybrid of both cloud and web services to deliver malicious payloads or perform an attack on a system or user.