Top Three Malware Threats of January 2025: What You Need to Know

Casmer Labs exclusive: top malware of Jan 2025

As cyber threats continue to evolve, 2025 has already seen an uptick in malicious activity. Cloud Storage Security’s threat intelligence center, Casmer Labs, has identified several malware families standing out as significant risks to your cloud storage resources and downstream users of your data.


The Top 3 Malware Families for January 2025

Among the leading malware threats Casmer Labs detected in storage volumes for January 2025, the most frequently observed strains include:

  1. SnakeKeylogger – A widely distributed infostealer targeting credentials
  2. RustyStealer – A potent trojan focused on harvesting sensitive data
  3. Mirai – A well-known botnet malware that targets IoT devices to launch DDoS attacks

These malware families exploit common attack vectors downstream, making it crucial for organizations to remain vigilant when they are ingesting data into their cloud storage volumes.


WATCH: Top Malware Threats of January 2025: What You Need to Know

In this session from Cloud Storage Security’s threat laboratory, Casmer Labs, we demonstrate how these pieces of malware work in a testing environment and outline how to adapt security practices to prevent their intrusion and detonation.


Most Common File Types Associated with Malware in January 2025

Cybercriminals package malware in different file formats to maximize distribution and infect systems effectively. In January 2025, the most affected file types* were:

  1. ELF (Executable and Linkable Format): 44% of cases – Primarily affects Linux systems, including servers and IoT devices
  2. EXE (Windows Executable): 41% of cases – A major threat to Windows users, often delivered via phishing emails or malicious downloads
  3. SH (Shell Scripts): 9% of cases – Targeting Linux and macOS users, frequently used for automation in attacks
  4. PS1 (PowerShell Scripts): 4% of cases – Exploited to execute commands on Windows systems, often used for lateral movement within networks
  5. ZIP (Compressed Archives): 2% of cases – A common delivery method for payloads, often containing malicious scripts or executables


Downstream Risks to Cloud Storage Environments

As businesses increasingly rely on cloud storage solutions like Amazon S3, Google Cloud Storage, and Azure Blob Storage, malware threats targeting these environments pose significant risks. Attackers target devices downstream by uploading malicious files to cloud storage volumes. When the malware eventually detonates, it can lead to data breaches, ransomware infections, and unauthorized access to sensitive data.

  • Amazon S3 Risks: Malware-laden files stored in S3 buckets can be accessed by unsuspecting users or integrated into workflows, spreading infections within an organization
  • Amazon EBS, EFS, and FSx Risks: These storage solutions, often used for persistent data storage and file sharing, are susceptible to malware propagation if not properly secured. Attackers may plant malicious files that persist across system reboots or infect shared file systems
  • Google Cloud Storage and Microsoft Azure Blob Risks: Similar risks apply, where misconfigured permissions and lack of malware scanning allow infected files to propagate


Enhance Security Against Malware

To mitigate these risks, organizations should deploy advanced security measures tailored for cloud storage environments:

  • Scan Data in Storage for Malware: Use Amazon GuardDuty Malware Protection or a third-party scanning solution so that malicious files are detected before they are accessed.
  • Automate Threat Detection: Implement cloud-native security tools that scan uploaded files in real time to prevent malware from spreading.
  • Enforce Access Control and Encryption: Apply strict access policies and encrypt stored data to reduce exposure.
  • Continuously Monitor: Regularly audit cloud storage configurations and access logs to detect anomalies.
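The file-type breakdown above and the scan-on-upload recommendation, combined in one added example that is not Cloud Storage Security's or Casmer Labs' code: it classifies an object by its leading bytes rather than its extension, looks inside ZIP archives for nested executables or scripts, and flags names whose extension contradicts the content. The magic-byte table, the expected-extension sets and the quarantine rule are the example's own assumptions; PS1 has no magic header, so that branch necessarily falls back to the extension.

```python
"""Content-based triage of objects landing in a storage bucket. Added example,
not Cloud Storage Security / Casmer Labs code: classify by leading bytes rather
than trusted extension, look inside ZIPs, and flag extension/content mismatches."""
import io
import os
import zipfile

# Magic bytes for the binary types the post lists. SH is recognised by its
# shebang; PS1 has no magic, so it is recognised by extension only (assumption).
MAGIC = {b"\x7fELF": "ELF", b"MZ": "EXE", b"PK\x03\x04": "ZIP"}
# Extensions under which each content type is expected to appear (assumption).
EXPECTED_EXT = {"ELF": {"", ".elf", ".so", ".bin"}, "EXE": {".exe", ".dll"},
                "ZIP": {".zip"}, "SH": {"", ".sh"}}


def classify(name: str, data: bytes) -> str:
    """Return ELF, EXE, ZIP, SH, PS1 or OTHER, trusting content over name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    if data.startswith(b"#!"):
        return "SH"
    return "PS1" if name.lower().endswith(".ps1") else "OTHER"


def nested_of_concern(data: bytes) -> list[str]:
    """Members of a ZIP that are themselves executables or scripts."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            kind = classify(info.filename, zf.open(info).read(8))
            if kind != "OTHER":
                hits.append(f"{info.filename} ({kind})")
    return hits


def assess(name: str, data: bytes) -> dict:
    """Quarantine decision for one object, taken before anything downstream reads it."""
    kind = classify(name, data)
    ext = os.path.splitext(name)[1].lower()
    mismatch = kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]
    nested = nested_of_concern(data) if kind == "ZIP" else []
    quarantine = kind in {"ELF", "EXE", "SH", "PS1"} or mismatch or bool(nested)
    return {"type": kind, "mismatch": mismatch, "nested": nested,
            "quarantine": quarantine}


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP so constructed samples can be checked offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()
```

The samples used to exercise it are constructed headers (an MZ stub named like a PDF, an archive carrying a one-line shell script), not real malware.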

As malware tactics continue to shift, staying informed and proactive is the best defense against cyber threats. By understanding the risks associated with these file types and malware families, businesses can better protect their cloud storage environments from potential breaches. 


About Cloud Storage Security

Cloud Storage Security (CSS) is dedicated to protecting storage in the cloud. Our robust malware detection solution is designed to secure the entirety of an organization’s cloud storage suite, preventing cybersecurity incidents, including ransomware events, in downstream environments. Contact a subject matter expert today to start implementing a robust cloud storage security strategy.


*Based on a study of 602 discovered malware samples.
