Top Three Malware Threats of March 2025: What You Need to Know


Casmer Labs, Cloud Storage Security’s internal threat laboratory, is constantly collecting, organizing, and analyzing malware samples to stay ahead of cybercriminals. This constant cycle of research is essential in the fight against cybercrime, as cybercriminals and antimalware providers are constantly trying to outsmart each other. In March, a number of trends and specific strains were identified as significant risks.

The Top 3 Malware Families for March 2025

Among the leading malware threats detected in customer storage volumes for March 2025, the most frequently observed strains include:

  1. Mirai – A well-known botnet malware that targets IoT devices to launch DDoS attacks
  2. Prometei – A botnet malware that exploits a recently discovered Microsoft Exchange vulnerability
  3. LummaStealer – A malware-as-a-service (MaaS) infostealer, quickly growing in popularity, that targets cryptocurrency wallets, credentials, MFA browser extensions, and a variety of other sensitive data housed on local machines

Organizations must remain vigilant when transferring data into their cloud storage volumes, as these malware families commonly exploit downstream attack vectors.

 

Most Common File Types Associated with Malware in March 2025

Cybercriminals package malware in different file formats to maximize distribution and infect systems effectively. In March 2025, the most affected file types* were:

  1. ELF (Executable and Linkable Format)
    • Primarily affects Linux systems, including servers and IoT devices
  2. EXE (Windows Executable)
    • A major threat to Windows users, often delivered via phishing emails or malicious downloads
  3. ZIP (Compressed Archives)
    • A common delivery method for payloads, often containing malicious scripts or executables
  4. SH (Shell Scripts)
    • Targeting Linux and macOS users, frequently used for automation in attacks
  5. JS (JavaScript)
    • Targets a wide range of applications and devices using JavaScript
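
An added example (not Casmer Labs' or Cloud Storage Security's code): content-based triage of stored objects into the five file types listed above, flagging names whose extension does not match the content and looking one level inside ZIP archives. Identifying a type says nothing about whether a file is malicious; the result only decides what to hand to a malware scanner. The extension policy, the size limit and the sample archive are assumptions constructed for illustration.

```python
from __future__ import annotations
import io
import zipfile
from pathlib import PurePosixPath

# Fixed leading signatures; JavaScript has none and is matched by extension.
MAGIC = [(b"\x7fELF", "ELF"), (b"MZ", "EXE"), (b"PK\x03\x04", "ZIP"), (b"#!", "SH")]
# Extensions considered normal for each type (assumed policy, tune per tenant).
EXPECTED_EXT = {"ELF": {"", ".elf", ".so"}, "EXE": {".exe", ".dll"},
                "ZIP": {".zip"}, "SH": {"", ".sh"}, "JS": {".js", ".mjs"}}
MAX_MEMBER = 10 * 1024 * 1024  # skip oversized archive members (zip-bomb guard)

def sniff(name: str, data: bytes) -> str | None:
    """Return ELF/EXE/ZIP/SH/JS from content (extension only for JS), else None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "JS" if PurePosixPath(name).suffix.lower() in EXPECTED_EXT["JS"] else None

def triage(name: str, data: bytes, container: str = "") -> list[dict]:
    """Classify one object; for a ZIP, also classify its members one level deep."""
    kind = sniff(name, data)
    if kind is None:
        return []
    ext = PurePosixPath(name).suffix.lower()
    findings = [{"path": f"{container}!{name}" if container else name,
                 "type": kind, "ext_mismatch": ext not in EXPECTED_EXT[kind]}]
    if kind == "ZIP" and not container:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir() and info.file_size <= MAX_MEMBER:
                        findings += triage(info.filename, zf.read(info), name)
        except zipfile.BadZipFile:
            findings[0]["corrupt"] = True  # ZIP signature but unreadable archive
    return findings

def constructed_sample() -> bytes:
    """Constructed input: a ZIP holding a script, a fake 'PDF' and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bin/update.sh", "#!/bin/sh\necho constructed\n")
        zf.writestr("report.pdf", b"\x7fELF" + b"\x00" * 12)
        zf.writestr("notes.txt", "plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage("invoice.zip", constructed_sample()):
        print(finding)
```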

 

Downstream Risks to Cloud Storage Environments

For organizations that store and process data in the cloud, the downstream users that download and execute those files are the primary target of cybercriminals attempting to execute an attack. If an employee, customer, or partner were to download and execute a piece of malware on their local machine, the results could include the initiation of a ransomware event, a data breach, or other forms of sensitive data loss.

  • Object Storage Risks: Files containing malicious code are often accessed manually by employees or are automatically distributed downstream to spread infections within an organization
  • Block and File Storage Risks: While file and block storage resources are often used to hold and share data in a persistent manner, malicious code that is integrated into these may propagate across systems and to the end application user
  • Multi-Cloud Risks: Similar risks apply, where misconfigured permissions and lack of malware scanning allow infected files to propagate across a wider range and greater number of storage resources

 

 

How Organizations Can Protect Against Malware Threats

Organizations that store data in the cloud need to take proactive security measures to protect against malware ingestion and the associated downstream risk, including:

  • Scanning Data in Storage Regularly for Malware: Leverage in-tenant malware protection to ensure that malicious files are detected before they are distributed downstream and accessed
  • Automating Threat Detection: Implement cloud-native security tools that scan uploaded files in real time to prevent malware from propagating
  • Enforcing Access Control and Encryption: Enforce strict access policies and encrypt stored data to reduce exposure
  • Implementing Continuous Monitoring: Regularly audit cloud storage configurations and access logs to detect anomalies

As new strains of malware are built and the tactics they employ continue to evolve, keeping informed and making the appropriate changes to security practices is the best course of defense.

 

About Cloud Storage Security

Cloud Storage Security (CSS) is dedicated to protecting storage in the cloud. Our robust malware detection solution is designed to secure the entirety of an organization’s cloud storage suite, preventing cybersecurity incidents, including ransomware events, in downstream environments. Contact a subject matter expert today to get started implementing a robust cloud storage security strategy.
