
How are cloud threats abusing public cloud services?

Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks of these cloud threats.

Dropbox's cloud storage service was abused by attackers in a massive spear phishing campaign recently. The attackers were able to hide their activity and appear as legitimate users. What can cloud providers do to prevent attackers from taking advantage of their free services to launch attacks? And what should enterprises do to protect themselves against these kinds of hidden cloud threats?

This case highlights the widespread utility of cloud services -- even attackers want to take advantage of what the cloud has to offer. This should not surprise anyone with experience in IT. Attackers and cybercriminals continually adapt new technologies, as well as vulnerabilities, to further their ends. In this case, attackers used the Dropbox API as a command and control (C&C) mechanism to distribute the LOWBALL malware. The information security firm FireEye discovered the cloud threats and worked with Dropbox to remediate the problem.

These kinds of cloud threats are especially challenging to address. Attackers take advantage of the fact that there is a large volume of traffic between sites such as Dropbox and corporate networks. The traffic generated as part of the phishing attack is not likely to be enough to trigger alerts in most organizations. This is especially the case as the typical volume of traffic to Dropbox can vary widely.

Scanning network traffic for malware is one way to mitigate the risk of malicious content entering the corporate network. Patching and vulnerability scanning are also important measures. The report by FireEye explained that the attackers used an old vulnerability in Microsoft Office (CVE-2012-0158). A patched version of Microsoft Office would not have been vulnerable, even if the malicious content had not been blocked on the network.

The chain of events leading from the first stages of an attack to harm to the organization's network may be long. Working to prevent phishing at its initial phases is preferable, but when the cost is high or the likelihood of success is low, disrupting the attack at later stages can still block substantial harm.
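Because the volume of Dropbox traffic is a poor signal, as noted above, one alternative is to look at timing. The following Python check is an added example (not from the original article or from FireEye's report) that flags internal hosts whose requests to the Dropbox API are evenly spaced regardless of how little data they move. The log format, the API hostnames as they would appear in proxy logs, and the thresholds are assumptions, and the log lines are constructed.

```python
import statistics
from collections import defaultdict

# Assumption: hostnames the Dropbox API appears under in your proxy logs.
API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}

# Constructed sample proxy log: epoch_seconds src_ip dest_host bytes_out
SAMPLE_LOG = """\
1000 10.0.0.9 api.dropboxapi.com 412
1000 10.0.0.5 content.dropboxapi.com 5200000
1002 10.0.0.5 content.dropboxapi.com 4800000
1003 10.0.0.5 api.dropboxapi.com 900
1120 10.0.0.7 api.dropboxapi.com 650
1300 10.0.0.9 api.dropboxapi.com 398
1450 10.0.0.5 content.dropboxapi.com 7100000
1601 10.0.0.9 api.dropboxapi.com 405
1700 10.0.0.9 intranet.example.com 30000
1900 10.0.0.9 api.dropboxapi.com 401
truncated-line 10.0.0.9
2199 10.0.0.9 api.dropboxapi.com 399
2500 10.0.0.9 api.dropboxapi.com 410
3000 10.0.0.5 content.dropboxapi.com 6400000
"""

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return {src: (events, mean_gap_s, total_bytes)} for evenly spaced API callers."""
    times, volume = defaultdict(list), defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].lower() not in API_HOSTS:
            continue  # malformed line or not Dropbox API traffic
        try:
            ts, nbytes = int(parts[0]), int(parts[3])
        except ValueError:
            continue
        times[parts[1]].append(ts)
        volume[parts[1]] += nbytes
    flagged = {}
    for src, ts_list in times.items():
        if len(ts_list) < min_events:
            continue  # too few requests to judge regularity
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean_gap = statistics.mean(gaps)
        # Coefficient of variation near 0 means machine-like, evenly timed requests
        if mean_gap > 0 and statistics.pstdev(gaps) / mean_gap <= max_cv:
            flagged[src] = (len(ts_list), mean_gap, volume[src])
    return flagged
```

In the constructed data the heavy sync user (10.0.0.5) moves megabytes and is not flagged, while 10.0.0.9 sends a few hundred bytes every five minutes and is. A flagged host is a lead for endpoint investigation rather than proof of compromise, since legitimate clients and scheduled jobs also poll on a timer.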


This was last published in April 2016
