Why Scanning Backups for Malware is Crucial for Atlassian SaaS Security

Modern organizations leverage cloud-based Software as a Service (SaaS) platforms like Atlassian's powerful suite of tools to streamline workflows and empower teams.

Jira, a versatile work management solution, tackles various project needs – from software development and agile methodologies to bug tracking and issue resolution. Jira Service Management (JSM), built on Jira's foundation, caters specifically to service teams, enabling exceptional customer support through features like incident management, service desk ticketing, and self-service portals. Finally, Confluence fosters seamless collaboration by providing a central space for knowledge sharing, process documentation, and brainstorming. Use cases include building knowledge bases, planning and documenting projects, and facilitating effective communication.

As Software Moves To Cloud, So Do the Threats

As enterprise software giants such as Atlassian move their platforms to the cloud, it's only natural for the threats to follow.   In a recent interview on the Biggest Cyber Security Threats in 2024,  Antonio Forzieri from global security leader, Splunk Advisory, spoke about the increased cyber-attacks on cloud-based applications, "we have seen attackers exploiting it, we will continue to see attackers exploiting it.".  Antonio continues by adding, "It's not just attackers attacking cloud, it's attackers using cloud (in their attacks)".

Atlassian Increases Its Cloud Security Stance

Atlassian is all too aware of the increasing threats to cloud posed by a multitude of sources and has responded by bolstering its own cloud security measures with the introduction of Atlassian Guard.  This brings some practical steps forward for customers, but as with anything cyber-security related, there are limitations to what Guard is protecting against. 

One of those exceptions is Malware.  

"Atlassian Guard, its a new comprehensive security product", Scott Farquar speaking at Atlassian Team'24

Even though Atlassian prioritizes security, malware can still infiltrate your instance. Ideally, malware would be blocked at the entry point (upload). However, a strong defense goes beyond the first line. Regularly scanning backups – the application's "safety net" – for malware embodies the principle of defense in depth, adding another layer of protection.

ITNews Article, May 23, 2024 

A bit about defense in depth, also known as layered security, fortifies IT systems by employing multiple security controls at different levels. Think of it like a medieval castle – an attacker must overcome walls, moats, and guards to reach the inner sanctum. Similarly, each security layer in IT systems adds another hurdle for attackers. If one layer fails, others remain to impede a complete breach, significantly bolstering your overall IT security posture.

How Can Malware Infiltrate Atlassian Backups?

Several scenarios can lead to malware infecting your Atlassian sites:

• Service Desks as a Vulnerability: Many organizations share their service desks with external users like customers, vendors, and partners for submitting requests. This creates a potential vulnerability. An attacker could upload a malicious file that bypasses the organization's firewall. If an agent servicing the request clicks on the file, it could download onto their device and potentially spread malware throughout the network.
• Phishing Attacks: A user in your organization clicks a malicious link in a phishing email, potentially compromising their credentials and allowing attackers to upload malware-laden files into your Atlassian instance.
• Supply Chain Attacks: If a third-party app integrated with your Atlassian instance has a vulnerability, attackers can exploit it to inject malware into your project data, which gets backed up.
• Insider Threats: A malicious insider with access to your Atlassian instance could upload infected files.

While ideally these threats should be blocked by the application itself, the next best place would be to detect them and take action by scanning the backup data keeping in mind the concept of defense in depth.

These threats highlight the importance of not only having backups but also ensuring they're clean and malware-free. Infected backups could become a ticking time bomb – restoring from them could reintroduce malware into your system, negating the purpose of the backup itself.

Benefits of Scanning Backups for Malware

Here are some compelling reasons to scan your Atlassian SaaS backups for malware:

• Early Detection and Prevention: By proactively scanning backups, you can identify potential threats before they cause significant damage. This allows you to isolate and quarantine the infected data, preventing it from contaminating your entire system and spreading laterally.
• Improved Security Posture: Regular malware scans for backups demonstrate a proactive approach to data security. This not only protects your organization from potential threats but also fosters a culture of security awareness within your team.
• Enhanced Compliance: Many data security regulations mandate organizations to have robust data security measures in place. Regularly scanning backups for malware demonstrates compliance and reduces the risk of regulatory fines or penalties.

The Revyz Malware Scanning Solution for Jira and Confluence

The Revyz Data Manager for Jira and The Revyz Data Manager for Confluence apps available in the Atlassian Marketplace automatically scan for malware in attachments that are part of Jira Service Management tickets / requests, Jira issues, and Confluence pages. In the scenario where a malicious attachment has been detected, it is immediately flagged and brought to the attention of the administrator of the system so that they can take further action.

In addition to scanning for malware Revyz also provides an exportable list of SHA-256 hashes for all attachments in the system which could be fed into other threat hunting systems for further analysis.

Conclusion

Atlassian SaaS tools are invaluable assets to the running of any modern organization. However, robust security measures are essential to mitigate the risk of malware compromising your data. Regularly scanning your Atlassian backups for malware adds a crucial layer of protection to your business continuity plan. By implementing a solution with integrated malware scanning, you can ensure your backups are clean and readily available for a swift and secure recovery when needed.

Remember, a well-executed backup strategy combined with proactive malware scanning helps safeguard your valuable data and fosters a secure Atlassian environment for your teams.