Tuesday, February 16, 2016

Does Cloud Storage Offer Protection from Malware such as Cryptolocker?

Recently we had a run in with the CryptoLocker malware, you can read about it here. The malware did a fair amount of damage across our file server but it was easily rectified by rolling back to shadow copies and traditional backups of files.

Of course, in writing the inevitable incident report, I began pondering the future and posed the question,

Given that traditional storage is giving way to cloud storage, does cloud storage in its broadest sense reduce or even eliminate the possibility of CryptoLocker, or similar malware in the future? - and -  in any case, what are our recovery options from the major vendors?

More or Less Vulnerable?
First, looking at the question of vulnerability, it very much depends on your access methods. All of the cloud services have web browser access to files, apart from general vulnerabilities in the browser itself, this is a pretty safe access method. If your password isn't compromised, it's unlikely that any of today's malware will be able to do widespread damage along that vector. Not unless you end up with a malicious browser add-on, and even then, damage is likely to be limited. The browser interfaces don't make it easy to automate mass encryption of files -- it's far more likely that your password will be compromised and provided to the attackers.

The most likely forms of attack along the web vector are in the form of password capture, particularly via spoofing. In other words someone either changes the DNS on your computer to point you to a different web site or they run a keylogger to capture your password. 

Then there's access via specialised apps on specialised hardware, such as Google Drive, the IBM Connections or Microsoft OneDrive, and their associated Apps, such as the IBM Connections Editor, Google docs, sheets or slides and Microsoft Office 365. This is probably the safest kind of access at the moment. All of the security settings and general access is controlled within the app.

These apps are arguably safer on phones and tablets, where they’re in a more “closed world”. The exception of course being the Windows tablet, which by definition probably has many of the same vulnerabilities as a Windows computer.

Connecting File Systems
Where this all comes unstuck however is when you directly connect a cloud service to your file system and enable synchronisation features.  For example using Microsoft OneDrive connector downloaded on your PC, or the IBM Connections Desktop Plugin or the downloadable version of Google Drive will make your file systems seamless to you … and unfortunately, to any malicious applications.

I think this needs to be on everyone's list of corporate, and probably home, “no no’s”.



Backups and Restoration
The great thing about cloud computing solutions seems to be that they back up constantly and that different versions can be restored easily.


  • Google DriveGoogle drive more or less saves after every change.  There’s a message at the top of the screen which says “saving” or “all changes saved in drive”.  If you click on that message, you can view older versions of your file in varying degrees of detail and you can restore any of those versions.  Of the three cloud solutions I looked at, Google Docs was clearly the most advanced when it came to saving and restoring. Head and shoulders above the rest.
  • Office 365I found the office 365 backups to be less comprehensive, In particular, using the Word application itself results in far fewer saves. Word online however does save as you make changes but it also doesn't handle the formatting of the offline versions very well. Restoring is via a simple right-click menu but I found the menu to be somewhat dysfunctional. Hopefully Microsoft will get this fixed soon.
  • IBM Connections
    Connections saves whenever you upload a replacement file or whenever you choose to save a document or page in progress. You can restore from any of these points, and they are clearly presented. What connections seems to lack, at least in some contexts, is a proper editor. There’s an editor on mobile devices but it is often completely missing on the browser --  though sometimes it's available.  Getting to restores is very easy, getting into edit mode is not. 


In Conclusion
Getting around single file encryption with minimal data loss in all three systems seems to be a relatively simple matter and clearly cloud storage provides a safer computing option than standard file share computing environments -- provided that you’re not using any file system connectors.  

The one thing that does seem to be missing in cloud systems is a wholesale recovery option for when an entire drive or folder is encrypted. Instead, users of these systems are expected to restore files individually. At least it is easy enough that it doesn't require any IT involvement. 

No comments: