In the post-Covid-19 era, the traditional work environment is being replaced by the “Digital Workplace” or digital work environment. According to the OpinionWay study on hybrid work in France in 2023(1), 74% of executives stated that they practiced teleworking an average of 2 days a week in 2022. This choice is not surprising and coincides with the strong adoption of CRM solutions, instant messaging, and other collaborative platforms.
From a cybersecurity perspective, this adoption raises questions. How can companies effectively secure these data sharing environments? How can they ensure that one of the files uploaded does not contain malware? In the era of generative artificial intelligence, are traditional detection technologies like antivirus still capable of effectively protecting users? Our expert provides insights and analysis.
Forced adoption
The adoption figures for collaborative applications are staggering. According to the statistical analysis website Statista, Mountain View’s collaborative suite, Google Workspace, reportedly captured 50% of the global market for collaborative applications in the cloud in 2023(2), closely followed by Microsoft’s 365 suite with 48%. This amounts to no less than 6 million companies using the firm’s digital work environments on a daily basis(3), with over 2 billion active users for Google and 1.4 billion users for Microsoft. In 2023, Google Drive hosted 2.5 trillion files, and 70% of users accessed it from mobile devices. This massive usage raises concerns among cybersecurity experts.
According to Bruno Leclerc, Sales Director at GLIMPS, “Cyberattacks targeting collaborative and business work environments in the cloud pose a real problem for companies. Accustomed to approaching cybersecurity from the perspective of perimeter security, they lack cybersecurity tools other than traditional antivirus to detect the presence of malware in the storage space (Google Drive, Dropbox, OneDrive, etc.). As a result, it is the user who triggers the malicious payload when opening the file on their workstation. This is a real challenge for companies to address this blind spot.”
While the depositing of a malicious file in a storage space may not pose an immediate risk, sharing and executing it within the company’s information system by an employee is a real concern. These cloud environments are now synchronized with workstations and could allow cybercriminals to easily propagate ransomware by leveraging the native functionality of these platforms.
According to Bruno Leclerc, “this modus operandi is perfectly suited for a whaling attack, where senior executives of a company are targeted. As avid users of Excel spreadsheets, this type of attack could at best paralyze the company and at worst serve as a means for attempted espionage for economic intelligence purposes.”
According to Gartner, risk managers and CISOs should prioritize securing web applications. Beyond restricting the type of files that can be uploaded, companies should implement detection mechanisms such as static analysis using Deep Learning, sandboxing, or a Content Disarm and Reconstruction (CDR) solution, which allows for the removal of offensive capabilities from the implicated file.
The inevitable replacement of antivirus software
Formerly based on signature-based detection and later evolving into “Next-Generation AV” (NGAV) through the integration of heuristic analysis, antivirus software continues to struggle to provide real detection capabilities in the face of the emergence of polymorphic malware created using generative artificial intelligence.
According to Bruno Leclerc, “collaborative and business platforms usually rely on antivirus software to scan and detect modified or newly created files.” While this method can detect the most straightforward cases, the results collapse when facing more complex cases. “Malware is designed to be undetectable by traditional antivirus software. They also have the ability to detect if they are running in a sandboxed environment. The processing time required for this type of analysis is currently too long for collaborative use, which poses problems in operational conditions.”
Regarding the inability of antivirus software to detect malware developed using ChatGPT, the proof of concept has been demonstrated. In April 2023, cybersecurity expert Aaron Mulgrew successfully had an AI develop a malicious file distributed via Google Drive, which 90% of the antivirus vendors on the VirusTotal platform were unable to detect(4). Beyond the technical achievement, this proof of concept demonstrates the offensive capabilities that generative artificial intelligence provides to cybercriminals. This ability to generate malicious code is likely to become industrialized if it has not already.
Using concept-code analysis to overcome the weaknesses of traditional antivirus software
To address the shortcomings of antivirus software, the concept-code analysis of GLIMPS Malware allows for the definition of a score through static analysis. By comparing the code, Deep Learning algorithms can provide a response in less than 5 seconds. The algorithm analyzes the file with a “macro” perspective without needing to execute or decompile it. Thus, the analysis is nearly instantaneous, and the victim company’s collaborative platform only needs to take remedial action and notify the administrator.
According to Bruno Leclerc, this threat also applies to the core tools of large enterprises, such as insurance companies or banks, where clients upload documents. “A common use case is in the insurance sector, where a client who has experienced water damage must upload a PDF file to report the claim. Therefore, the insurance company must analyze and detect any threats before its operator opens the document to process the request. Integration in this case is facilitated through an API endpoint. GLIMPS Malware accesses the uploaded files, analyzes them, and provides a danger score even before the file is processed by an employee of the company.”
The GLIMPS Malware platform has been successfully tested in this use case, processing no less than 1 million files per month for French government ministries.
Conclusion
To prevent collaborative and business applications from becoming springboards for cybercriminals, companies must protect these environments as they would protect network flows or restrict user rights. The GLIMPS Malware solution interconnects in the same way as an antivirus software. To discover more about it, contact us.
Références :
(1) https://www.itforbusiness.fr/le-teletravail-s-impose-chez-les-cadres-57543
(2) https://www.statista.com/statistics/983299/worldwide-market-share-of-office-productivity-software/
(3) https://marketsplash.com/google-workspace-statistics/
(4) https://www.forcepoint.com/blog/x-labs/zero-day-exfiltration-using-chatgpt-prompts