Cloud Apps Responsible for the Bulk of Malware Downloads

Web security has improved in leaps and bounds over recent years, but as is always the case the interests on the other side of the fence have made their own advancements. Many people have been inclined to ask around what exactly is in it for the people who create malware and put it out there for infecting a person’s computing device, but as has been determined – and not surprisingly – it’s all about money like anything else. There’s a very complex network of interests there, and the long and short of it is that people benefit from having your computer, notebook, or mobile compromised very underhandedly.

And so it is that much of what makes the Cloud the godsend it has been for digital professionals is also what makes it the #1 risk factor for being infected with malware. In many ways it is a classic example of having no choice but to take the bad with the good, and it appears the competition between malware makers and cyber security experts is going to continue full tilt for the foreseeable future.

Here at 4GoodHosting we’re equally big fans of the Cloud in the same way it is for any good Canadian web hosting provider who has a seat that’s conducive to seeing digital advances in the clearest of lights. Further, you can’t stop progress and there’s no debate we’ll be looking to get more out of cloud computing so that extensive physical storage isn’t allowed to be as harmful as it would otherwise. So yes, we are all very much taking the good with the bad these days and many people will have already had one or more unpleasant experiences with malware.

Let’s look at this finding that most malware downloads are delivered via the cloud, why that might be, and what are the potential ramifications of it all for the average business or organization.

2/3 of All for 2021

A recent Netskope report based on the 2021 year found that no less than two-thirds of malware downloads were based in cloud apps. This puts a spotlight on the continued growth of malware and other malicious payloads that make their way to unsuspecting users through cloud applications. As you’d expect this was up markedly from the same percentage for 2020, and what it does make clear is reflect that attackers are having more success with seeing their victims infected with malware.

What it does is create the need for better Cloud security, and there’s one particular popular resource where it may bee needed more than anywhere elsewhere – Google Drive. Given the popularity of Google’s flagship Cloud Computing resource that isn’t going to be well-received news for people who are devotees when it comes to using it. But it is what it is, and of course the popularity of the app and the sheer number of people using it is a big part of why it’s #1 for malware infections.

It’s interesting to note that it usurped Microsoft OneDrive for the dubious title. OneDrive was the number one source for malware infections the year previous, although it’s hard to suggest that a major shift in user preferences was behind the bulk of that shift.

19 to 37% Jump

The increase in malicious Office documents was from 19% to 37% according to the report, and the size of the increase is large enough to suggest more in the way of far-reaching cloud application security risks. It also indicated further that more than 50% of all managed cloud app instances have been targeted by at least once credential attack over the course of the last year, independent of whether that attack was seen through or blocked. The number of attempts suggest there are more bad actors out there than ever before who are building malware and putting it in the position to be distributed via the Cloud.

The reality is now that Cloud-delivered malware is now more of an occurrence than web-delivered malware. For 2021 malware downloads originating from cloud apps were now making up 66% of all malware downloads in comparison to traditional websites. The exact number for that is up 46% from the beginning of 2020. This is in comparison to Microsoft Office documents moving up to account for 37% of all malware downloads by the end of 2021.

Some of the Microsoft Office malwares – including the well-known Emotet malspam campaign in 2020’s 2nd Quarter – triggered a rush of malicious Microsoft Office documents designed by copycat attackers who were riding the coattails of the Emotet campaign. Another interesting catch is that upwards of 50% of managed cloud app instances are targeted by credential attacks exclusively. And the reason for that? Credentials gained underhandedly are able to be sold and that gets back to what we stared with in asking why is it people do this.

Try Until Success

What these malware attackers and their bimbos do is try common passwords and leaked credentials from other services in order to obtain access to sensitive information that has been stored in cloud apps. Also interesting to note that some 98% of attacks coming from new IP addresses, indicating that’s very much a part of the M.O. in order to stay out of sight as best as possible.

We also know from this report and others that corporate data exfiltration is on the rise. Increasing numbers of employees take data with them when they leave an employer and this report also has instances in 2020 and 2021 where an average of 29% of departing employees downloaded more files from managed corporate app instances. Another 15% of users uploaded more files to personal app instances in their final 30 days of being employed.

This is noteworthy because it goes to show that effective cybersecurity can’t be 100% digital exclusively, and there needs to be quite a bit of better and more secure business practices as part of the protective equation too. Which is important, because as we’ve discussed all the goodness of Cloud computing and eliminating the need for physical storage isn’t going anywhere.

Next Generation Mechanical Keyboards Sure to be a Hit

Even if you don’t have the most dextrous fingers or type especially quickly you are probably like everyone else in the way that doing your job probably involves typing on a keyboard. But these days as we all know keyboards are for so much more than just pressing keys to enter text and we use them in many other ways to make personal computing more efficient. Customization and greater functionality is the name of the game with all computing components. Mechanical keyboards offer this and they’re not new to the market, but until recently they’ve been quite expensive and not as widespread available.

That’s soon to change and nearly everyone who uses a keyboard for work or on a regular basis is likely going to be quite thrilled with the new mechanical keyboards. They will likely stay on the pricey side, but for some people it will be a price well worth it if it increases the productivity of their work day and gets rid of nuisances they used to find with their old conventional keyboard.

This makes the cut as newsworthy here at 4GoodHosting in the same way we imagine it would for any other good Canadian web hosting provider, as it’s something that nearly everyone can relate to. That’s going to be true if you’re anything from a web master to a data entry clerk or a university student with plenty of papers to write.

So what’s the fuss and what can be expected with this new and vastly improved generation of mechanical keyboards?

All About Customization

The ability to customize these keyboards is what makes them so great. What they offer is a level of personalization that can transform your everyday typing experience into a much more pleasurable experience as well as facilitating greater productivity on your part.

The best of features with new-technology mechanical keyboards starts with the keycaps on top of switches. They communicate key presses to the PCB and when contact is made between a switch and the PCB then it is the PCB that transmits the input to the computer and this allows the key to deliver much more detailed digital information if that is what is formatted to do.

Next up these keyboards have stabilizers, and while they’re not as functionally superior they do offer a better user experience with the way they allow longer keys (spacebar, for example) to have more of an even feel across it when pressed. These keyboards also have a metal frame plate which gives them more stability and solidity, the value of which will immediately register with those of us who are well in advance of 100 wpm.

Other Favorable Features

The printed circuit board on these keyboards is a big part of their superior functionality too. You can customize these even further (for more price of course) with up to quadruple switches and super durable aluminum housing. The key customization options are huge for users who may not use English primarily and instead have a native language that relies on a script that doesn’t work well with a conventional keyboard layout.

With custom mechanical keyboard you’re able to opt in and out of whatever it is you like, or don’t like. You can even vary what type of switch or keycap you use for specific keys and experiment until you the feel and responsiveness that’s optimal for you.

Mechanical keyboards mean easy maintenance too, as the ease of customization means replacing failing elements is much easier than it would be with a conventional keyboard. This is especially true if they have hot-swappable keys, and most of them do.

Less Expensive Upgrades Too

With a custom board, changing out the switches or keycaps is more affordable. It’s relatively inexpensive to swap them for a whole different set. Industry hardware experts say it is likely that in the not too distant future there will be generic parts that are compatible across different makes, and the manufacturers do have something to gain if they make it so that users are more brand loyal if they have right-to-repair on these units.

If you’re reading this on mobile you can skip the next suggestion, but anyways who is on a desktop or notebook can look down at the keyboard in front of them and think how it could be improved. In a short while from now you may be evaluating how successfully that has been done for you.

Data Clean Room Software a Big Development for Brands & Businesses

It was inevitable that eventually data was going to become Big data, and the increasingly digital nature of being in business and doing business is ensuring that trend just becomes more and more pronounced all the time. The catch as been in being able to make data available to partner organizations while still safeguarding the privacy interests anyone may have in the data being shared, and one of the more interesting things on the horizon early in 2022 is data clean room software.

With data leaks and the fallout of them being so often in the news it’s easy to see why we can relate to the need for this here at 4GoodHosting. Like any quality Canadian web hosting provider we have smaller level customers who may well see the promise of this for their online business or venture too. Many companies are in the process of looking for equally effective ways to collect, share and analyze data without compromising on privacy.

This also goes well beyond compliance, as companies that can incorporate this new technology and then be able to turn to any user interest group and give them 100% assurance to data security is going to be at an immediate advantage. Demand for such a resource has been growing over recent year, and it may be that with data clean rooms it’s about to become attainable and commonplace.

So what is the hype about, and what exactly is a data clean room? That’s what we’re going to look at with this week’s entry.

What’s a Data Clean Room?

A data clean room is a piece of software that allows brands and their partners to share data and gain mutual insights without compromising the privacy of the users’ data. Specifically it means not sharing any personally identifiable information or raw data with one another and in this way the data clean room serves as something of a neutral 3rd-party in major level affairs much like Switzerland would be if you wanted to use a geopolitical analogy.

At present there are 2 primary types of data clean room solutions available in the sharttech industry: The first ones are called walled gardens solutions and independent solutions is the other one, and both of them have advantages and drawbacks.

The question then become how this benefits a brand in particular, and to answer that we need to look at what consumer expectations have grown to become. What we do know is that consumers have become accustomed to certain type and level of user experience when it comes to brand interaction – most notably with seeing personalized, relevant content within an app and the type which has to this point been facilitated by access to user-level data.

Prime examples of this are cookies on the web or identifiers on mobile devices.

Unfortunately it has been that the exchanging of user-level data in this way has created the privacy problem that exists today. Consumers are rightfully asking to know how their data is being shared and with data clean rooms that allows the answer to be very different when that answer is being given honestly.

Experience Meeting Privacy without Compromise

AppsFlyer’s Privacy Cloud is a good example of this technology having been introduced, and with it and other data clean room solutions consumers will still get the great value and experience they expect from brands. But they’ll do so without any privacy concerns around how their data is being used. The catch is that any compromise on either end of the spectrum – customer experience or privacy – is going to be even more detrimental simply because of the inflexibility people have with either reality.

All of this takes on greater relevance when we consider that 3rd-party cookies are on their way out, and data clean room are already being earmarked for being a big part of filling that role so that user experiences can be optimized without sensitive data being put at risk. This is all because data exchanged between brands and partners continues to be the basis for accurate and actionable measurement.

The type of measurement which enables both sides to grow their businesses and give better experience to the end users. Up until now, however, this data exchange has been done based on user-level data only. What the data clean room does is provide a solution that maintains the great value and customer experience currently enabled by cookies, identifiers, and other user-level data – but doesn’t introduce the same privacy concerns that they wouldn’t be able to look past previously.

Additional Use Cases

Data clean rooms are already in use for operations in various industries. The way they provide secure environments where multiple parties can collaborate on sensitive and restricted data sets makes them very appealing, and you’ll find them in healthcare and life sciences, fintech (financial technology) insurance, fintech and other domains where sensitive data such as personal identifiable information (PII) has to be shared between multiple parties to perform analyses and generate insights.

Using AppsFlyer’s Privacy Cloud as an example again, what it does is let customers and partners keep up and be following all the various privacy regulations and guidelines but still getting the accurate insights they need in order to operate their business with maximum efficiency as well as best facilitate its growth.

And while other existing data clean rooms may have certain limitations, most are still going to have a lot of appeal for many. It should still be said though that data clean rooms from walled gardens have no cross-channel access, resulting in 1st-party date being mostly shared with their own data sets. Other ones may be limited to 1st-party data granularity as well as smaller partner ecosystems.

The biggest issue though is how it doesn’t have enough expertise with generating insights that the marketer needs, and there is almost always a need for aggregated reporting that is well suited for both business users and marketers.

Introducing Homomorphic Encryption

Homomorphic encryption enables the accurate generation of aggregated insights about the encrypted data, while not decrypting it at all. By remaining fully encrypted all the time it becomes a ‘zero trust’ technique where even the operator of the data clean room isn’t able to access the plain data. It uses a public key to encrypt the data, and of course that’s nothing out of the ordinary. What is different is how homomorphic encryption uses an algebraic system to allow functions to be performed on the data while it is in the encryption process.

Once that’s done then only the individual with the matching private key can access the unencrypted data after the functions and manipulation are complete. This means data remains secure and private even when someone is using it.

Bigger picture data clean rooms should be better for marketers to understand the real impact of their investments with more concrete evaluations of conversions and incrementality-based solutions being used test and control groups to isolate many affected variables. This will help marketers to optimized their efforts without putting shared data necessary for that into jeopardy if there’s any inherent security flaw or risk in the infrastructure.

Coming Windows 11 Update Set to Make OS Run Better on Lesser Hardware

Even if you’re a Mac person it is not difficult to see why the Windows OS is the dominant one all across the board. And truth is most people are not firmly in one camp or the other when it comes to their computing devices of choice. Mac is always going to be preferable for people who use theirs for creative purposes too, but PCs are going to be the same way for people who are all business and work related for the most part.

One of the things that has been noteworthy recently is how some companies – And Apple most notably – are now starting to make replacement parts available as part of the Right to Repair movement that is growing in strength due to how much e-waste is being generated and how electronic devices of all sorts are being made with planned obsolescence in mind. Microsoft isn’t doing the same with parts but one of the big aspects of the coming Windows 11 update is that the OS is going to now be able to run better on older and more low-end hardware.

In that sense it’s in line with the same ideas, and of course this is a good thing. So many possible examples as to why, but look no further than the thousands of old PCs that are repurposed for education in 3rd world countries and the like. This is not the only aspect of the update that should be talked about, but it is one that we can definitely support here at 4GoodHosting and we’d imagine any good Canadian web hosting provider would feel similarly.

More on Build 22526

Right now the Windows 11 Build 22526 is only available to members of the Microsoft Insider early access program, but it is introducing a number of fixes and enhancements. Many, however, are relatively minor but one worth mention is how Microsoft is using the latest build to experiment with a new approach to indexing file locations. They hope this will help users hunt down important files more quickly in File Explorer.

The reason we mentioned this one is despite the performance improvements seen over the course of recent updates, File Explorer is still just as sluggish and prone to crashes as ever. And for many among the frustrating issues the worst is when utilizing the search functionality. If often takes way too much time to return relevant results, especially if the person is choosing to store a large number of files on their local hard drive.

What’s going to change here is the newest update is going to make sifting through large quantities of files quite a bit faster, and the idea is that will allow people on lesser devices to be more productive with them. Users running Windows 11 on older, less powerful hardware, will now be less likely to suffer performance dips and longer load times.

Other Improvements

Superior file indexing is not the exclusive improvement ushered in with Windows 11’s latest build. We have seen that other upgrades include support for wideband speech when using Apple AirPods that are likely to improve audio quality for voice calls and a new and improved approach to the familiar Alt + Tab Hotkey functionality. Enterprise customers will also like how Microsoft has enabled its Credential Guard service by default, and the way it shields sensitive data behind a layer of virtualization-based security is something that’s very needed in today’s digital operating space for businesses.

In closing here we should mention that the latest Windows 11 build is currently only available to Dev Channel members. This is because there will be 2nd level fixes on the way and these individuals are ones who have opted to receive the most unstable features in advance. It is not known when the new features will make their way into a public build but signs are promising for anyone who’s had issues with an older PC and how well it works with File Explorer.

Slowing the Low Code Hype Train

Here we are with another new calendar year opened up, and you’ll be forgiven if January ’22 has you the same you were at this time last year with some sense of bewilderment at how developer technologies and methodologies are expanding in leaps and bounds. Part of that has been low-code technology, one that was forecast to have gains in application around 22% for 2021 and by all indications did that at the very least. It’s also estimated that by 2025 70% of new applications will be built with low-code or no-code technologies.

What we have on the plate today is 3rd generation low-code technology that’s improved on the 2 preceding generations of it. It gives enterprise that ability to build anything from the simplest to highest complexity applications and scaling them to whatever extent needed without limitations. It’s also known for providing built-in controls and functionalities required for enterprise governance while fostering more collaborative team working environments too.

It is conducive to the type of digital applications enterprises need to be able to create quickly and then easily adaptable as they fit needs that may be changing. Here at 4GoodHosting we imagine we’re like any good Canadian web hosting provider in that we’re able to see the real relevance in that and accordingly why there’s so much hype about low code and applications that are built around it.

But perhaps there’s reason to pull on the reins a bit there

The Pros

Low code can be helpful for building an MVP and fleshing out concepts within a small scope with precise product requirements and an understanding any scaling will be limited. But many times as project progresses there is the need to upgrade the processes. Without low-code solutions your ability to scale is very limited, and it can also be more costly too.

Then from the developer’s perspective choosing low code to complete small-scale projects and prototypes or build basic solutions is almost always faster and with fewer hiccups. Keep in mind though that most professionals will prefer to code from scratch when working on complex on account of the flexibility that provides for them. While the chance that a low-code platform won’t allow you to create a product meeting new or changed requirements will exist, that’s usually no deterrent.

Scalability really is the key benefit for low-code development, and the opportunity for and cost of horizontal and vertical scalability are primary factors when a vendor is being chosen. The benefits for accommodating changing numbers of daily active users, available features, storage, and expanded computing power are considerable and weight heavily in favour of this type of development.

It also allows you to escape being overruled by AI when a site experiences a large of influx of visitors and you would otherwise have access limited and / or forced to upgrade. This a huge issue in the SaaS sector right now and it’s one that’s pushing developers there to have greater interest in going low-code moving forward.

The Cons

Starting at the start here with the drawbacks to building with low code, it is extensive training requirements. There’s usually a lot that goes into implementing a low-code solution and how that usually manifests itself is in significant delays in deployment. For many people the foreseeing of this is what leads them to stick with agile development in order to get to market in a timeframe that’s been envisioned for the product.

The next issue here is timeframe variances related to other factors aside from development tools and methodologies. Ones that vary from weeks to months and will depend on the quality of the available documentation and support. The fact there isn’t an industry standard means every platform will have its own unique system. If an industry standard did exist that would change things instantly, but of course the question who would define that, based on what criteria, and what authority to do so?

Troubleshooting is difficult with low-code development too. When something goes wrong it a successful remediation will depend on the quality of the documentation, the response speed, and the competence of the dev team and their support. Debugging a program built with low-code may be difficult or flat-out impossible too, and vendor lock-in is a possible negative too if the solution will not be compatible with any other competitor or similar provider.

You may need to depend on the vendor’s platform to work, and you may only be able to make use of it as a backup. Plus migrating to another service is many times nearly impossible. You may well have to start over again from scratch.

One Tool Like Others

The simplicity and scalability of low code make it appealing, but it shouldn’t be seen as the be-all solution that should be rolled out by default in every task instance. Make sure you have a deep understanding of the niche you’re working in to foster strong understanding of the demands for the product you’re building and how they might be tested against a vendor’s capabilities.