
Malware Analysis Online: Why You Need It Now For Your Cloud Environment

by Mic Johnson

There is rarely a company today that does not have at least part of its environment in the cloud. Migrating to the cloud provides many benefits for organizations, including increased security, since attackers tend to focus their malware efforts on on-premises servers. However, cloud malware is on the rise, and your organization needs the right tools and practices to protect its environment against it. In this post, we’ll explore the current challenges of malware protection in the cloud and give you tips for prevention.

Current Challenges in Cloud Security

The pandemic pushed companies into digital transformation, and they migrated to the cloud in droves. The rapid adoption of cloud platforms and applications introduces new security risks that must be managed.

Attackers are in the cloud too

Your company has workloads in the cloud. That is where your adversary lurks, looking for a way to gain access to your data.

Attackers are focusing their efforts on cloud environments since this is where lucrative sensitive data and workloads are stored.

While most companies migrate to the cloud in an effort to strengthen their security, malicious actors have discovered that they can compromise cloud applications and assets with malware and Trojans. Once they gain access to a cloud environment, they move on to compromising more sensitive assets. Thus, it is no surprise that attacks against cloud-based accounts soared in 2020. According to McAfee, there were almost 3.1 million attacks on cloud user accounts in 2020.

The challenge of the shared responsibility model

Cloud providers work under a shared responsibility model. Although the model is widely known, it is often hard to understand where the responsibilities of the provider end and those of the client begin.

Shared responsibility means the provider is responsible for the security *of* the cloud, that is, the underlying infrastructure, including the storage, network, and service layers. The client organization is responsible for security *in* the cloud: managing access controls, applications, accounts, and data within its own environment.

Who is responsible for securing cloud workloads against malware attacks? In public clouds, this responsibility falls on the customer organization, and in practice companies usually do not have adequate protection of their cloud environment against malware and advanced threats.

Current solutions are inadequate for advanced malware threats

Most organizations deploy cloud workload protection and anti-malware solutions in an attempt to prevent malicious packages from entering their cloud. The problem with cloud workload protection solutions is that when one of them finds malware, it sends the file to a sandbox, isolates the asset, and tries to delete the malicious file.

These tactics do not address the related threats. How do you know whether the malware succeeded in moving laterally? Do you know whether any credentials were compromised as a result of the malware? Security agents provide no insight into related assets. In addition, most malware scans only identify known threats, which limits the insight they can give you.

Best Practices for Detecting and Analyzing Malware in the Cloud

The latest supply-chain attacks showed that attackers have learned how to use the cloud to spread malware. What can you do to protect your organization? Here are some best practices for preventing malware:

1. Keep your systems and software updated and patched

Ensure all your systems and applications are patched regularly and have the latest updates installed. Be stricter with assets exposed to the public Internet, for example, your website. It may sound simple, but this reduces the vulnerabilities and security gaps attackers can exploit.

2. Control who accesses your cloud

Enforce the principle of least privilege in the Identity and Access Management (IAM) configuration of your cloud. Review roles periodically and reassign them on a need-to-know, need-to-access basis.

3. Encrypt everything

All data, both at rest and in transit, should be encrypted. This should include your data in the cloud and on-premises.

4. Enforce security awareness

Considering that most attacks start with a user falling for phishing or inadvertently clicking a malicious link, this may be one of the most effective measures for keeping attackers out of your organization. Increase your employees’ training so they can recognize and manage risks and become part of your lines of defence.
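Of the four practices above, the least-privilege review in practice 2 is the one that lends itself best to a repeatable check. The script below is an added example written for this post; it is not part of the original article and is not Intezer's or any cloud provider's tooling. It audits IAM policy documents in the AWS JSON policy format for the broad grants a periodic role review should catch (wildcard actions, whole-service wildcards, unscoped resources, and `NotAction` statements). The three policy documents are constructed samples, not taken from any real account, and the function names are the example's own.

```python
"""Flag over-broad grants in IAM policy documents (added example, not from the post).

The sample policies below are constructed for illustration. The document layout
follows the AWS IAM JSON policy language, but the checks themselves are generic:
any allow-list style policy can be screened the same way.
"""
import json

# Constructed sample: the "just make it work" policy a periodic review should catch.
OVERPRIVILEGED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:*"], "Resource": "arn:aws:s3:::*"},
    ],
}

# Constructed sample: the same read requirement, scoped to one prefix of one bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-bucket/uploads/*",
        }
    ],
}

# Constructed sample: NotAction allows everything *except* the listed actions,
# which is an easy way to grant far more than intended.
NOTACTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "NotAction": ["iam:*"], "Resource": "*"}],
}


def _as_list(value):
    """Action/Resource/Statement may be a string, a dict or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return a list of human-readable findings for one policy document."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they are not the risk here
        if "NotAction" in stmt:
            findings.append(
                f"statement {idx}: NotAction grants every action except "
                f"{_as_list(stmt['NotAction'])}; prefer an explicit Action list"
            )
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"statement {idx}: Action '*' grants every API call")
            elif action.endswith(":*"):
                findings.append(f"statement {idx}: Action '{action}' grants an entire service")
        for resource in _as_list(stmt.get("Resource")):
            # '*' or an ARN ending in ':*' (nothing after the last colon) means every resource
            if resource == "*" or resource.endswith(":*"):
                findings.append(f"statement {idx}: Resource '{resource}' is not scoped")
    return findings


def audit_policies(policies):
    """Audit a mapping of policy name -> document and return name -> findings."""
    return {name: audit_policy(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    report = audit_policies({
        "overprivileged": OVERPRIVILEGED_POLICY,
        "scoped": SCOPED_POLICY,
        "notaction": NOTACTION_POLICY,
    })
    print(json.dumps(report, indent=2))
```

Run as a script it prints a per-policy report; the scoped policy produces no findings, while the other two show exactly which statement and which grant to tighten. In a real review the documents would be pulled from the cloud provider's IAM API and the output fed into a ticket or a CI gate, so that a policy cannot be attached without passing the check.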

Why Using Next-Gen Malware Analysis Software May Be the Solution

Legacy malware analysis products are highly ineffective against modern malware tactics. Typically, an organization uses one solution for malware analysis, another for sandboxing, and so on. The lack of orchestration often creates more problems than it solves, because security analysts have to manage several tools at the same time. A complete platform can eliminate many of the issues of legacy and outdated anti-malware products. Look for a solution that gives you detailed answers about malicious files and identifies them quickly, so your security team can act promptly.

Intezer malware analysis software provides in-depth malware detection and identification. The platform provides the context surrounding malware activity, tactics, family, and more. This enables security analysts to know for sure what type of malware they are facing.

Protecting your organization against cloud malware is not an easy feat. It requires strong scanning and analysis tools, a good dose of cybersecurity hygiene, and adherence to cybersecurity best practices. Combined, these strategies help your security analysts promptly identify, respond to, and remediate malware attacks.
