Although cloud-based file storage services have long been popular among Internet users, the indisputable convenience of such services is to some extent offset by a number of risks. For example, many users often follow the advice of gurus and store scans of their passports and other documents in the cloud – though sometimes vulnerabilities in the service can jeopardise the security of their personal data. At the same time, using cloud technologies for purposes other than those for which they were designed can do even more harm.
For example, it’s easy to find sets of instructions for computer owners who want to use such services effectively to remotely control and monitor their machines, control torrent downloads etc. By following these recommendations, users inadvertently create different kinds of security gaps which can be easily exploited by cybercriminals – particularly in the case of targeted attacks. Kaspersky Lab experts warn about the risk of a corporate network being infected via cloud services.
One possible scenario is cybercriminals gaining control of an employee’s laptop via a cloud service. This could happen when the employee is away from the office. If infected documents are placed in cloud folders, generally a cloud service will automatically copy them to all devices connected to the corporate network that also run the same service.
Most popular cloud storage applications available today have this automatic synchronisation feature.
After analysing data from consenting Kaspersky Lab users, the experts determined that about 30% of the malware found in cloud folders on home computers is planted via synchronisation mechanisms. For corporate users, the figure reaches 50%. It should be noted that while corporate users more typically have infected Microsoft Office files in their cloud folders, on the computers of home users these often co-exist with malicious Android apps.
“A careful analysis of statistics has shown that the risk of the corporate network being infected via cloud storage is currently relatively low – one corporate user in 1,000, risks having his or her computer infected during a one-year period. However, it should be kept in mind that, in some cases, even one infected computer can result in an outbreak engulfing the entire network and causing significant damage. Configuring the firewall to block access to these services is a painstaking process, which requires constant updates of firewall settings.” commented Kirill Kruglov, Senior Research Developer at Kaspersky Lab.
A standard recommendation for system administrators in this case is to install a fully functional security suite featuring heuristic and behavioural antivirus protection, access control (HIPS), operating system control (System Watcher or Hypervisor), protection against vulnerability exploitation, etc. on each workstation on the network.
Kaspersky Lab recommends taking advantage of the innovative Application Control technology included in its corporate solution, which can block any software from running if it is not explicitly allowed by the system administrator. Application Control will protect the corporate network against targeted attacks via cloud services without interfering with users’ normal work.
Kaspersky Security Network (KSN) is a complex distributed infrastructure dedicated to processing depersonalized cybersecurity-related data streams from millions of voluntary participants around the world. It delivers Kaspersky Lab’s security intelligent to every partner or customer who is connected to the Internet, ensuring the quickest reaction times and maintaining the highest level of protection.