How does Malware Impact the SaaS Stack?
Malware is harmful code designed to infect, damage, or provide access to computer systems. It can take many different forms, including viruses, worms, Trojan horses, ransomware, adware, and spyware. While it is easy to understand how that impacts a computer or mobile device, it is less clear when discussing SaaS applications.
However, malware can be used for various purposes, such as stealing sensitive information, destroying or altering data, causing system failures or crashes, and creating a backdoor for hackers to gain unauthorized access to a system. It spreads through infected email attachments, downloads, malicious websites, or vulnerabilities in a system’s software or security protocols.
Research has shown that 40% of businesses using SaaS applications have malware hidden within the files and documents stored in their SaaS stack. Almost any file, from presentations, spreadsheets, and documents to images and PDFs, can have harmful malware embedded within it. Once the file is accessed, the malware may have a chance to enter the user’s device or network and cause damage.
SaaS applications include settings designed to prevent the spread of malware in this manner. These configurations can protect against malware, as they reduce the vulnerabilities in a system that malware can exploit. Malware often targets known security weaknesses and exploits them to gain access to a system or to spread throughout a network. By setting security configurations, users remove these vulnerabilities and make it more difficult for malware to gain a foothold in their system.
Prevent Clickjacking in Salesforce
Clickjacking is a type of attack that takes something which appears safe, such as a button or link on a webpage, and hides a malicious link within it. Once clicked upon, it can lead to data intrusions, unauthorized email, credential changes, or other site-specific results.
Within Salesforce, hidden iframes can be maliciously placed to entice users to click buttons and links that are in the hidden iframe. Once the user clicks on the link, they have triggered some type of attack.
There are four levels of protection to prevent clickjacking attacks from taking place:
- Allow framing by any page (no protection)
- Allow framing of site pages on external domains
- Allow framing by same origin only
- Don’t allow framing by any page
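In a browser, framing restrictions like these are enforced through the `X-Frame-Options` response header and the `frame-ancestors` directive of `Content-Security-Policy`. The following is an added example, not code from the original article or from Salesforce: it classifies a page's response headers into the four levels listed above. The mapping of header values to those level names is an assumption, and the sample headers and the `partner.example` domain are constructed.

```python
# Added example: map anti-framing response headers to the four levels above.
LEVELS = {
    "none": "Allow framing by any page (no protection)",
    "external": "Allow framing of site pages on external domains",
    "same_origin": "Allow framing by same origin only",
    "deny": "Don't allow framing by any page",
}

def frame_ancestors(csp):
    """Return the source list of the frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def classify(headers):
    """Return the LEVELS key that matches a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Browsers that support frame-ancestors ignore X-Frame-Options.
        if not sources or sources == ["'none'"]:
            return "deny"          # an empty source list matches nothing
        if sources == ["'self'"]:
            return "same_origin"
        if "*" in sources:
            return "none"          # wildcard: effectively unprotected
        return "external"          # explicit allowlist of other origins
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "deny" if xfo == "DENY" else "same_origin"
    # Missing header, or obsolete ALLOW-FROM that current browsers ignore.
    return "none"

# Constructed sample responses (assumed values, not captured from a real org).
SAMPLES = {
    "no headers": {},
    "xfo only": {"X-Frame-Options": "SAMEORIGIN"},
    "csp wins": {"X-Frame-Options": "DENY", "Content-Security-Policy":
                 "default-src 'self'; frame-ancestors 'self' https://partner.example"},
    "csp none": {"Content-Security-Policy": "frame-ancestors 'none'"},
    "legacy": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:12} -> {LEVELS[classify(hdrs)]}")
```
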
Malware Protection Configuration Benchmarks in Salesforce
Here are the malware configuration benchmarks that you can use to measure your security posture.
Please note: Data in these tables comes from over 200 anonymized customer tenants in the Adaptive Shield platform.
Prevent Malware That Has Already Reached Microsoft Inboxes from Striking
The best way to prevent malware from causing any damage is to prevent it from reaching your users’ inboxes. However, malware does occasionally find a way to get past filters and checks within email gateways and make its way to the user.
With Zero Hour Auto Purge enabled, Microsoft 365 continues to check unread messages in the inbox for malware. This advanced level of protection stops all types of malicious code from entering the system, preventing large-scale attacks capable of infecting an entire network.
However, Zero Hour Auto Purge is only effective when it is enabled. To turn it on, follow these steps.
- In Microsoft Defender, navigate to Email & Collaboration
- Click on Policies & Rules → Threat Policies → Threat Management → Anti-Malware
- Click Default Policy → Edit Protection Settings
- Check the Enable Zero Hour Auto Purge for Malware option
Malware Protection Configuration Benchmarks in Microsoft 365
Here are the malware configuration benchmarks that you can use to measure your security posture.
Blocking Malware from Gmail
Google Workspace prevents malware from reaching your inbox with a series of settings that identify malicious code, encrypted messages, and harmful links. Some of these measures include scanning email attachments and blocking those with malware, identifying phishing emails, blocking malicious links from reaching the inbox, and using encrypted connections to prevent unauthorized access.
When it detects suspicious attachments and encrypted messages, Google Workspace isolates the attachments, moving them to the spam folder or into quarantine. Users are protected from unknown senders and the damage they wish to inflict on the company.
However, Google Workspace is only able to provide those protections when its settings are configured securely. To prevent suspicious attachments and scripts from unknown senders from reaching employee inboxes, follow these steps.
- Go to the Admin Console Home Page and click Apps
- Click Google Workspace → Gmail → Safety
- Turn on the setting Protect Against Anomalous Attachment Types in Email
- Click on the Edit button in the Attachments section and choose Move to Quarantine
Malware Protection Configuration Benchmarks in Google Workspace
Here are the malware configuration benchmarks that you can use to measure your security posture.
Up next in our Benchmark for SaaS Apps Series is Password Management.