“The notion that a specific malware family evades detection by antivirus tools is not surprising. Attackers continually find ways of getting around AV tools, due to the inherent weaknesses of any approach to detecting malicious software on the basis of previously seen patterns,” said Lenny Zeltser, vice president of products at Minerva Labs. “This is a reality for all types of AV solutions, regardless of whether they employ AI or not. It’s good to see that there’s an increasing awareness of such limitations, since it leads to organizations considering how to expand their security architecture to augment baseline AV protection with additional countermeasures.”
ShurL0ckr ransomware doesn’t use any unusual advanced evasion or obfuscation techniques, but “the idea of targeting cloud applications (specifically enterprise file sharing) is what made ShurL0ckr a success in terms of infection,” said Meni Farjon, co-founder and CTO at SoleBIT Labs. “The sad truth is that today, most cloud services providers still do not supply advanced malware detection capabilities, thus making this vector a perfect choice for attackers who aim to infect corporate users on a massive scale.”
Bitglass said that 44 percent of organizations that were scanned had some form of malware in at least one of their cloud applications, with a third of corporate SaaS apps containing malware. The company noted that Microsoft OneDrive topped the list with an infection rate of 55 percent, followed by Google Drive at 43 percent. Dropbox and Box tied at 33 percent.