Dropbox's cloud storage service was abused by attackers in a massive spear phishing campaign recently. The attackers were able to hide their activity and appear as legitimate users. What can cloud providers do to prevent attackers from taking advantage of their free services to launch attacks? And what should enterprises do to protect themselves against these kinds of hidden cloud threats?
This case highlights the widespread utility of cloud services -- even attackers want to take advantage of what the cloud has to offer. This should not surprise anyone with experience in IT. Attackers and cybercriminals continually adapt new technologies as well as vulnerabilities to further their ends. In this case, attackers used the Dropbox API as a command and control (C&C) mechanism to distribute the LOWBALL malware. The information security firm FireEye discovered the cloud threats and worked with Dropbox to remediate the problem.
These kinds of cloud threats are especially challenging to address. Attackers take advantage of the fact that there is a large volume of traffic between sites such as Dropbox and corporate networks. The traffic generated as part of the phishing attack is not likely to be enough to trigger alerts in most organizations. This is especially the case as the typical volume of traffic to Dropbox can vary widely.
Scanning network traffic for malware is one way to mitigate the risk of malicious content entering the corporate network. Patching and vulnerability scanning are also important measures. The report by FireEye explained that the attackers used an old vulnerability in Microsoft Office (CVE-2012-0158). A patched version of Microsoft Office would not have been vulnerable, even if the malicious content had not been blocked on the network.
The chain of events leading from the first stages of an attack to harm to the organization's network may be long. Working to prevent phishing at its initial phases is preferable, but when the cost is high or the likelihood of success is low, disrupting the attack at later stages can still block substantial harm.
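The traffic-volume point above can be made concrete with an added example (not from FireEye or Dropbox): over constructed proxy records, a volume threshold on total Dropbox traffic stays silent, while a per-host check for machines newly contacting the API endpoint flags the one unusual client. The host names, byte counts and the use of api.dropboxapi.com as the API endpoint are assumptions for illustration; hosts running a sanctioned sync client would already be in the baseline.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy records: (day, internal host, destination, bytes).
# Host names and sizes are illustrative, not taken from the FireEye report.
API_HOST = "api.dropboxapi.com"   # assumed API endpoint name
WEB_HOST = "www.dropbox.com"
LOGS = [
    (1, "ws-01", WEB_HOST, 40_000_000), (1, "ws-02", WEB_HOST, 5_000_000),
    (2, "ws-01", WEB_HOST, 90_000_000), (2, "ws-03", WEB_HOST, 2_000_000),
    (3, "ws-02", WEB_HOST, 15_000_000), (3, "ws-01", WEB_HOST, 60_000_000),
    (4, "ws-03", WEB_HOST, 70_000_000), (4, "ws-02", WEB_HOST, 1_000_000),
    # Day 5: ws-04 makes small, API-only requests (the pattern of interest).
    (5, "ws-01", WEB_HOST, 55_000_000), (5, "ws-04", API_HOST, 12_000),
    (5, "ws-04", API_HOST, 9_000),
]

def volume_alert(logs, day, sigmas=3.0):
    """Volume check: is the day's total above mean + sigmas * stdev of history?"""
    totals = defaultdict(int)
    for d, _, _, size in logs:
        totals[d] += size
    history = [v for d, v in totals.items() if d < day]
    return totals[day] > mean(history) + sigmas * pstdev(history)

def new_api_clients(logs, day):
    """Hosts that reach the API endpoint on `day` but never did before."""
    seen_before = {h for d, h, dest, _ in logs if d < day and dest == API_HOST}
    today = {h for d, h, dest, _ in logs if d == day and dest == API_HOST}
    return sorted(today - seen_before)

if __name__ == "__main__":
    print("volume alert on day 5:", volume_alert(LOGS, 5))
    print("new API clients on day 5:", new_api_clients(LOGS, 5))
```

The 21 KB of API traffic from ws-04 disappears inside tens of megabytes of ordinary daily variation, which is why the per-host view is the one that surfaces it.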