Posted by Kalyani M. on Aug 16, 2013
The spread of malware through popular cloud services has scared some users into staying away from the cloud altogether. Hackers and malware creators have used various clouds and cloud services as vehicles for malware, using the prestige of cloud providers like Dropbox as a disguise for their malicious software. Businesses that employ unprotected cloud services could be vulnerable to attack while jeopardizing the entire network’s safety. But with a private cloud service, users can take advantage of all the cloud has to offer without worrying about hacking, leaks, or data mining.
According to Commtouch’s Q2 Internet Threats Trend Report, spam distribution around the world is becoming even more narrowly targeted. Avi Turiel, director of threat research and market analysis at Commtouch, says, “The spam and email security landscape in general became much more diversified according to region during the second quarter of 2013. The discrepancies between the development of spam levels globally and in specific regions such as Germany show that that the growing trend toward targeted spam and malware distribution has started to affect spam levels in a significant way. This trend has begun to transform the way spam and malware distribution works, posing new detection challenges for security vendors.” This means that as malware evolves to take on new cloud models, it becomes harder and harder to detect.
The threat of malware challenges security experts from all around the world. A recent report by Kaspersky Lab of Indian participants of the Kaspersky Security Network (KSN), found that 35.6% of users suffered some sort of malware attack. And a report by the Hong Kong Computer Emergency Response Team (HKCert) shows that instances of online security breach have risen 12% from last year. Along with hacking, about half of the attacks also came from botnets, infected computers that are networked into malicious robots. The other half of the attacks came from a combination of viruses, phishing, denial-of-service (DoS), and spyware. Leung Siu-cheong, senior consultant at HKCert’s Coordination Centre, said, “Enterprises and internet users should make it a habit to maintain the security patches on their personal computers, keep servers up to date and adopt firewalls and anti-malware software. Businesses, in particular, should establish policies on the classification and protection of sensitive data [and] manage both mobile devices at work and the service level of cloud service providers. In short; they should be well-prepared for large-scale attacks.” It short, it seems that for now protecting data from the threat of malware is just the newest security standard as attacks continue to rise.
Malware creators are getting creative in finding new channels for their attacks. At a recent Black Hat conference in Las Vegas, security experts discussed the growing trend of malware writers using cloud services and file hosting website as tools for spreading malware. According to Michael Sutton, vice president of research at ZScaler, “Attackers are starting to leverage hosting services. It used to be that [attackers] would set up their own servers. Then we saw them infecting legitimate third-parties. Now they are using hosting services. They are no longer paying for hosting [malware] and are less likely to get blacklisted.” This new strategy seems to be working, as indicated by the growth in numbers of attacks this year. And the threat of malware is only sure to grow. The recent Def Con Hacking Conference in Las Vegas showed the world the threat of malware from official malware businesses like the Russian Malware Headquarters. But black hats and malware factories shouldn’t keep anyone from enjoying the benefits of the cloud. With a private cloud service, anyone can store and sync with full security as long as the service provides strong encryption and doesn’t host encryption keys or plaintext
Safety in the Cloud
Users looking for a third party cloud service that offers true protection, can find it a challenge as many “secure” services out on the market still have glaring security gaps that leave sensitive data wide open to third party attacks and even governmental spying, under the shadow of the controversial NSA PRISM program. A cloud storage and sync service that stands out with strong protections is SpiderOak. This private cloud service offers fully secure cloud storage and syncing, with all of the benefits of the cloud along with 100% data privacy.
SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and approved devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely zero-knowledge of user passwords or data. All plaintext encryption keys are exclusively stored on approved devices and SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility.