
How are cloud threats abusing public cloud services?

The Dropbox API was abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks of these cloud threats.

Dropbox's cloud storage service was abused by attackers in a massive spear phishing campaign recently. The attackers were able to hide their activity and appear as legitimate users. What can cloud providers do to prevent attackers from taking advantage of their free services to launch attacks? And what should enterprises do to protect themselves against these kinds of hidden cloud threats?

This case highlights the widespread utility of cloud services -- even attackers want to take advantage of what the cloud has to offer. This should not surprise anyone with experience in IT. Attackers and cybercriminals continually adapt new technologies as well as vulnerabilities to further their ends. In this case, attackers used the Dropbox API as a command and control (C&C) mechanism to distribute the LOWBALL malware. The information security firm FireEye discovered the cloud threats and worked with Dropbox to remediate the problem.

These kinds of cloud threats are especially challenging to address. Attackers take advantage of the fact that there is a large volume of traffic between sites such as Dropbox and corporate networks. The traffic generated as part of the phishing attack is not likely to be enough to trigger alerts in most organizations. This is especially the case as the typical volume of traffic to Dropbox can vary widely.
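The point above, worked through as an added example that is not from the article or the FireEye report: a mean-plus-three-standard-deviations volume alert evaluated over daily traffic totals to a cloud storage service. All figures, the host names and the 4 MB of C&C traffic are constructed assumptions.

```python
import statistics

# Constructed data: daily MB sent from a corporate network to a cloud
# storage service over three weeks, with wide weekday/weekend swings.
HISTORY_MB = [4200, 9800, 3100, 12500, 7600, 800, 650,
              5100, 11200, 2900, 13900, 8300, 900, 700,
              4700, 10400, 3600, 12100, 6900, 750, 820]

# Constructed proxy summary for one day: (client host, MB to the service).
# "ws-0417" is a hypothetical workstation whose traffic is the C&C channel.
TODAY = [("fileshare-sync", 5200.0), ("ws-0102", 1400.0),
         ("ws-0233", 960.0), ("ws-0417", 4.0)]


def volume_threshold(history, k=3.0):
    """Alert threshold: mean + k population standard deviations."""
    return statistics.mean(history) + k * statistics.pstdev(history)


def daily_total(records):
    """Total MB sent to the service across all client hosts."""
    return sum(mb for _, mb in records)


def volume_alert(history, records, k=3.0):
    """True if the day's total exceeds the volume threshold."""
    return daily_total(records) > volume_threshold(history, k)


def share_of_traffic(records, host):
    """Fraction of the day's traffic that belongs to one host."""
    return sum(mb for h, mb in records if h == host) / daily_total(records)


def headroom_mb(history, records, k=3.0):
    """MB that could still be added today before the alert fires."""
    return max(0.0, volume_threshold(history, k) - daily_total(records))


if __name__ == "__main__":
    print(f"threshold      : {volume_threshold(HISTORY_MB):,.0f} MB")
    print(f"today's total  : {daily_total(TODAY):,.0f} MB")
    print(f"alert fired    : {volume_alert(HISTORY_MB, TODAY)}")
    print(f"ws-0417 share  : {share_of_traffic(TODAY, 'ws-0417'):.4%}")
    print(f"headroom left  : {headroom_mb(HISTORY_MB, TODAY):,.0f} MB")
```

Because the baseline itself swings so widely, the threshold sits far above any ordinary day, and the suspect host's traffic is a tiny fraction of the total.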

Scanning network traffic for malware is one way to mitigate the risk of malicious content entering the corporate network. Patching and vulnerability scanning are also important measures. The report by FireEye explained that the attackers used an old vulnerability in Microsoft Office (CVE-2012-0158). A patched version of Microsoft Office would not have been vulnerable, even if the malicious content was not blocked on the network.

The chain of events leading from the first stages of an attack to harm to the organization's network may be long. Working to prevent phishing at its initial phases is preferable, but when the cost is high or the likelihood of success is low, disrupting the attack at later stages can still block substantial harm.
