The "Cloud Attack Fan-Out" Effect: Data Breaches in Today's Enterprise Environment

Krishna Narayanaswamy
Co-founder & Chief Scientist, Netskope
Thursday, October 13, 2016
Enterprise cloud adoption is rapidly accelerating, not only in terms of migrating workloads to the cloud but also in the volume of data originated, shared, and stored via cloud apps. Businesses now use an average of 935 cloud apps, the vast majority of which IT is unaware of. In fact, organizations underestimate the scope of cloud app adoption by a factor of 10, creating a huge problem when it comes to securing and controlling the ever-growing volume of cloud apps in enterprises.

There has also been a considerable rise in malware that specifically targets cloud apps, which has greatly exacerbated IT's visibility and control challenge. These threats span the spectrum from spear phishing attacks, where attackers seek unauthorized access to specific data, to more sophisticated attacks that target entire organizations, such as ransomware. With 11 percent of enterprises having sanctioned cloud apps known to be laced with malware, these attacks are putting employees and sensitive data at greater risk than ever before.

The Fan Out Effect

The cloud now plays a critical role in the spread of ransomware. Ransomware, for those unfamiliar, is a targeted attack in which malware (often delivered via malicious code stored in a given cloud app) infects a user's device and all of the data stored on it, and then locks the user out until the user (or the user's organization) pays a ransom to the attackers. In an enterprise environment where employees use a growing number of connected devices that have capabilities like sync and share, data is constantly in transit. While syncing and sharing in the cloud may be easy for employees, it can come at a high price. Cloud apps can inadvertently spread ransomware to other users and endpoints that are connected to that cloud synchronization service. This effect is called the "cloud attack fan out."

If malicious files or code infect a single user's client device, they can spread exponentially to infect an entire organization. When a user becomes infected, ransomware encrypts the infected files. Upon syncing to the cloud, these encrypted files replace the normal files. Employees with whom the infected user has shared the files then sync their desktop folders with the cloud, thereby bringing the encrypted files onto their desktop. The ransomware has now spread across the enterprise.
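
The sync pattern described above, seen from the defender's side: an added example (not from the original article) that scans a constructed sync audit log for a burst of high-entropy overwrites by one user and lists the collaborators who would receive those files on their next sync. The event fields, thresholds and user names are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

ENTROPY_MIN = 7.5  # assumed threshold in bits per byte; ciphertext approaches 8.0
WINDOW_S = 60      # assumed burst window in seconds
BURST_MIN = 3      # assumed count; one compressed upload alone should not alert

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_fan_out(events):
    """Map each bursting user to the collaborators exposed on their next sync."""
    suspicious = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "overwrite" and shannon_entropy(ev["content"]) >= ENTROPY_MIN:
            suspicious[ev["user"]].append(ev)
    alerts = defaultdict(set)
    for user, evs in suspicious.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so it covers at most WINDOW_S seconds.
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW_S:
                start += 1
            if end - start + 1 >= BURST_MIN:
                for ev in evs[start:end + 1]:
                    alerts[user].update(ev["shared_with"])
                alerts[user].discard(user)
    return {u: sorted(s) for u, s in alerts.items()}

# Constructed sample data: ENCRYPTED stands in for ciphertext (entropy exactly 8.0).
ENCRYPTED = bytes(range(256)) * 4
PLAIN = b"Quarterly report draft, revision two. " * 30

def _ev(ts, user, path, shared_with, content):
    return {"ts": ts, "user": user, "action": "overwrite", "path": path,
            "shared_with": shared_with, "content": content}

SAMPLE_EVENTS = [
    _ev(0, "alice", "/team/plan.docx", ["bob", "carol"], PLAIN),      # normal edit
    _ev(100, "dave", "/team/budget.xlsx", ["bob"], ENCRYPTED),        # burst begins
    _ev(105, "dave", "/team/plan.docx", ["bob", "carol"], ENCRYPTED),
    _ev(110, "dave", "/hr/roster.csv", ["erin"], ENCRYPTED),
    _ev(900, "carol", "/team/logo.zip", ["alice"], ENCRYPTED),        # lone archive
]

if __name__ == "__main__":
    print(detect_fan_out(SAMPLE_EVENTS))
```

Pausing sync for the flagged account and the listed collaborators before their clients pull the overwritten files is what keeps the previous versions on their desktops intact.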
