The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers as well. File sharing platforms and accounts have a high “hack value”—the overall value of the accounts on the dark web—due to the relative ease with which account can be obtained and the sensitivity of the information stored on these platforms.
The risk associated with the use of file share platforms is twofold. First, company supported file share is attractive to attackers because it is guaranteed to contain sensitive information. Second, file share platforms available to employees outside of the company—e.g. the employee Google Drive account—may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real. In August of 2016 Dropbox forced users to reset their passwords based on a breach—60 million account credentials compromised—that had been discovered but was executed four years earlier in 2012.
Thus, it is important that businesses educate their employees on the risks of sharing information on these platforms and apply strict administrative and technical safeguards mitigate the risk of attack.
Common File Share Attack Approach
The most common approach attackers use to compromise file share platforms is phishing. Phishing is a technique by which the attackers sends out a legitimate looking (albeit fake) email which entices the employee to click on a link and provide information—such as login credentials—which goes directly to the attacker. Alternatively, the phishing attack may convince the employee to download an infected file to the same ends. Once the attacker has compromised the file share, he or she can either steal information directly, escalate privileges to access more information, obtain additional account credentials, or sell the information on the dark web. Access to the file share can also be used to perform a Denial of Service (“DoS”) attack by downloading or uploading large volumes of data thus congesting the network and preventing legitimate use.
Despite Google’s perceived safety, two major phishing attacks have been reported on Google accounts in the last two years. In late 2016, over a million google accounts were compromised by a malware attack known as Gooligan, designed to steal credentials allowing access to the victims Google services. Gooligan infected an estimated 13,000 devices per day during its lifecycle. Again in early 2017, Google accounts were targeted with a message requesting the user to download a file. When the user selected the link to download the file a face service that looked like a legitimate google service would request access to the users Gmail account.
Businesses can mitigate the risk of file share attacks by implementing strict policies and sanctions regarding their use. For example, all non-business file share sites can be blocked on the company’s network. Strict policies and monitoring should be in place to gain access to file share sites and employee accounts with such access should be closely monitored. Businesses should also implement test “phishing campaigns”—sending out company controlled phishing emails—to educate employees on what these email look like and how to avoid them. Phishing tests also help businesses understand their risks by monitoring the number of employees who click on the bogus links. Whereas businesses have less control over employees loading data on to personal file share accounts, strict sanctions should be in place regarding this activity and employees should be aware of these sanctions.