Everything is moving to the cloud — even the exploits of cyber criminals.
Research from Trend Micro, a Japanese security solutions company, found that Dropbox was recently targeted by cyber criminals for command-and-control purposes. The company explained the discovery in a blog post last week.
It doesn’t speak to a problem with Dropbox specifically but to cloud computing overall serving as a new avenue for possible security breaches, Christopher Budd, Trend Micro’s global manager of threat communications, told FedScoop.
“For targeted attacks, it takes a certain degree of infrastructure; you can’t just one day decide to carry out a targeted cyber attack,” Budd said. “The bad guys are used to hosting on servers that are of their control. Now they’re moving that infrastructure to cloud-based services.”
Just as the world of business is moving to the cloud, so are those out to steal information, he said.
Trend Micro, with a range of customers from individuals to Fortune 500 companies, was digging into a particular malware sample when researchers made the discovery. In the company’s blog, it outlined how a targeted attack was concealed behind the veil of the legitimate network traffic found in Dropbox. The attackers, according to researchers, abused Dropbox to download the malware’s command-and-control settings.
But really, it could have been any cloud-based service, Budd said, especially as more cloud-based data storage services are made available to both businesses and individuals.
This marks the second time Trend Micro has seen cloud-based services used as platforms for attack, which Budd said will only increase. The so-called bad guys have a way of copying each other’s tactics and most likely will in this case.
“Especially for network administrators, they should look at this as a wakeup call,” he said.
The message is that cyber criminals, just like legitimate companies, are seeing the “business benefits” of cloud services. Thus, they’re signing up for accounts and reaching sensitive files through these accounts.
For the cyber criminals, “this only takes a run-of-the-mill knowledge level,” according to Budd. “This is the next step in a new trend… and it will only continue.”
Budd has two recommendations for network administrators at major companies. First, they should maintain vigilance in the short term, building signatures and other protections into the system. This also includes monitoring the traffic to cloud services used by employees.
“If your Burbank office is empty late on a Saturday and no one would have access, but you can see activity on your Dropbox at that time, that’s a warning.”
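One way to automate the off-hours check Budd describes, as an added example that is not from the article or from Trend Micro: it scans proxy log lines and flags cloud-storage requests that come from an office subnet outside that office's working hours. The log layout, subnet, working hours and domain suffixes are assumptions, and the log lines are constructed.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed values, not from the article: domain suffixes, office subnet, working hours.
CLOUD_STORAGE_SUFFIXES = ("dropbox.com", "dropboxusercontent.com")
OFFICES = {
    "burbank": {"net": ip_network("10.20.0.0/16"), "workdays": {0, 1, 2, 3, 4},
                "open": time(7, 0), "close": time(20, 0)},
}

# Constructed proxy log: office-local ISO 8601 time, client IP, destination host, bytes.
SAMPLE_LOG = """\
2014-07-02T10:15:02-07:00 10.20.4.17 www.dropbox.com 5120
2014-07-05T23:41:07-07:00 10.20.4.17 dl.dropboxusercontent.com 812
2014-07-05T23:41:09-07:00 10.20.4.17 intranet.example.com 300
2014-07-03T21:30:00-07:00 10.20.9.3 client.dropbox.com 64000
2014-07-05T23:50:00-07:00 192.168.1.5 www.dropbox.com 100
malformed line
"""

def is_cloud_storage(host):
    """Match the domain or a true subdomain, so 'notdropbox.com' does not count."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in CLOUD_STORAGE_SUFFIXES)

def office_for(ip):
    """Return (name, config) for the office whose subnet holds ip, else (None, None)."""
    for name, cfg in OFFICES.items():
        if ip in cfg["net"]:
            return name, cfg
    return None, None

def off_hours_hits(log_text):
    """List (office, timestamp, client, host) for cloud-storage traffic outside hours."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed layout
        try:
            ts, ip = datetime.fromisoformat(parts[0]), ip_address(parts[1])
        except ValueError:
            continue  # unparseable timestamp or address
        name, cfg = office_for(ip)
        if cfg is None or not is_cloud_storage(parts[2]):
            continue
        in_hours = ts.weekday() in cfg["workdays"] and cfg["open"] <= ts.time() < cfg["close"]
        if not in_hours:
            hits.append((name, parts[0], parts[1], parts[2]))
    return hits
```

A hit is a reason to look at the client host, not proof of compromise: scheduled sync clients left running overnight will appear here too and need their own allowlist.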
Second, Budd said in the longer term there will be a greater need to find ways to build protocols that better distinguish between legitimate accounts and those that are not. This caliber of sophistication is “at least a few years out,” he said.
His last piece of advice for businesses is to really consider whether they must access services like Dropbox for their core business functions. If it’s not absolutely necessary, they might want to block access to cloud services because of the potential for attackers.
Some of these “must uses” would include official file sharing with partners and a situation in which the company is using Google Apps for its document functionality.
“Basically it’s a question of ‘What is your IT policy? Do you use cloud computing in an official capacity?’” Budd added.
There are definite similarities between the questions raised and what Budd refers to as “the Gmail problem,” when employees in high-security environments four years ago needed to access their work at home. To do this they often used personal Gmail accounts, which greatly compromised network security. Now companies realize the breach problems possible with Gmail, and they have to get there with cloud services too.
The cloud providers going forward will also have to take more steps to combat cyber criminals who can use their systems maliciously. Budd said right now these providers all have acceptable use policies and security terms of service.
“Everything’s in place, and they’re doing the right things,” he said. “But they’re always going to be very reactive by nature.”
In the case of individuals, Trend Micro’s findings around the potential of cloud services as platforms for cyber attacks shouldn’t scare them away from the convenience of the cloud entirely.
They should treat it as part of their broader concerns about malware and infections compromising files and valuable information. They should also make sure their systems are up to date and that they’re running modern security packages that are themselves up to date.
“If you do those two things, you’ll be ahead of 90 percent of the game,” Budd said.