The use of open file sharing platforms in business continues to
increase in 2017; Dropbox alone has over 200,000 active business
accounts. Unfortunately, the convenience of these platforms and the
increase in use by businesses attracts the attention of hackers as
well. File sharing platforms and accounts have a high "hack
value"—the overall value of the accounts on the dark
web—due to the relative ease with which account can be
obtained and the sensitivity of the information stored on these
platforms.
The risk associated with the use of file share platforms is
twofold. First, company supported file share is attractive to
attackers because it is guaranteed to contain sensitive
information. Second, file share platforms available to employees
outside of the company—e.g. the employee Google Drive
account—may be used to store company information, but likely
do not use the same security standards as those enforced by the
company. Attacks on file share platforms are also very real. In
August of 2016 Dropbox forced users to reset their passwords based
on a breach—60 million account credentials
compromised—that had been discovered but was executed four
years earlier in 2012.
Thus, it is important that businesses educate their employees on
the risks of sharing information on these platforms and apply
strict administrative and technical safeguards mitigate the risk of
attack.
Common File Share Attack Approach
The most common approach attackers use to compromise file share
platforms is phishing. Phishing is a technique by which the
attackers sends out a legitimate looking (albeit fake) email which
entices the employee to click on a link and provide
information—such as login credentials—which goes
directly to the attacker. Alternatively, the phishing attack may
convince the employee to download an infected file to the same
ends. Once the attacker has compromised the file share, he or she
can either steal information directly, escalate privileges to
access more information, obtain additional account credentials, or
sell the information on the dark web. Access to the file share can
also be used to perform a Denial of Service ("DoS")
attack by downloading or uploading large volumes of data thus
congesting the network and preventing legitimate use.
Despite Google's perceived safety, two major phishing
attacks have been reported on Google accounts in the last two
years. In late 2016, over a million google accounts were
compromised by a malware attack known as Gooligan, designed to
steal credentials allowing access to the victims Google services.
Gooligan infected an estimated 13,000 devices per day during its
lifecycle. Again in early 2017, Google accounts were targeted with
a message requesting the user to download a file. When the user
selected the link to download the file a face service that looked
like a legitimate google service would request access to the users
Gmail account.
Mitigating Risk
Businesses can mitigate the risk of file share attacks by
implementing strict policies and sanctions regarding their use. For
example, all non-business file share sites can be blocked on the
company's network. Strict policies and monitoring should be in
place to gain access to file share sites and employee accounts with
such access should be closely monitored. Businesses should also
implement test "phishing campaigns"—sending out
company controlled phishing emails—to educate employees on
what these email look like and how to avoid them. Phishing tests
also help businesses understand their risks by monitoring the
number of employees who click on the bogus links. Whereas
businesses have less control over employees loading data on to
personal file share accounts, strict sanctions should be in place
regarding this activity and employees should be aware of these
sanctions.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
