In recent years, the use of cloud computing has exploded dramatically. By migrating data and applications to the cloud, an organization can significantly increase its scalability while taking advantage of the cost savings associated with outsourcing infrastructure to a third-party.
The use of cloud computing varies greatly. Many organizations have officially deployed data storage and core business processes to the cloud, under the protection of the organization’s security team. However, the use of cloud-based file-sharing services like Dropbox and Google Drive have even greater penetration due to their easy integration with major email services.
Cloud-based file sharing and data storage solutions like Google Drive and Dropbox, while convenient, can pose a significant threat to an organization’s file security and defenses against phishing. By exploiting poorly configured cloud-based file sharing and using file-sharing in phishing attacks, attackers can access sensitive data and make their attacks more likely to succeed.
How File Sharing Hurts Security
1. Cloud Misconfigurations
File sharing services dramatically increase the vulnerability of an organization to data breaches. In recent years, the use of cloud storage for sensitive data has increased dramatically. In some cases, organizations have officially approved cloud deployments that carry business data. In others, employees may use cloud deployments or file-sharing services like Google Drive and Dropbox to share files among them.
Whether employees are using an approved cloud distribution maintained and protected by the organization’s security team or an unofficial (and even personal) cloud-based file-sharing system, many organizations have trouble protecting sensitive data in the cloud. One of the leading causes of cloud-based data breaches is a misconfiguration of security settings, accounting for 95% of all cloud data breaches.
Cloud security misconfigurations are largely caused by customers’ misunderstanding of the security settings provided by their cloud service provider. Many file-sharing services have two security options: private and public. A private cloud deployment requires each user to be explicitly invited to gain access. While this is good for security, it can be a hassle, so, while it is the default, many employees will change their security settings to the public.
With a public cloud deployment, anyone with the URL of the resource can access it. While employees may feel that only legitimate users will ever learn this URL, tools exist for scanning the Internet for public cloud deployments and shared files. As a result, many organizations have leaked sensitive information on the public cloud and are often unaware of the fact until they are notified by external ethical hackers.
2. Phishing Attacks
While many organizations are taking advantage of the cloud for legitimate purposes, there are malicious applications as well. File sharing services are increasingly being used as a key component of phishing attacks.
The reason that an attacker uses a file sharing service in a phishing attack is simple: many email protection products scan emails for malicious links, making it harder to send a target to a malicious page. However, these same services won’t scan documents shared via Google Drive or Dropbox for those same links. By embedding a malicious link in a document and then sharing the document in a phishing email, the attacker still can get the target to click on that link but has a much higher probability of slipping the attack past email-based scanners.
Using file-sharing services in their attack also allows phishers to take advantage of the good reputation of the file sharing service’s domain. If the attacker shares a document that throws up a fake Google sign-in page and the document is shared in a Google Doc, then a user who checks the URL will see that it comes from google.com. As a result, they will probably enter their login credentials, exposing them to the attacker.
3. Protecting Against Malicious Use of File Sharing
As file-sharing services become more widely used, organizations need to defend themselves against the threats associated with them. Unauthorized or poorly secured cloud deployments can leak an organization’s sensitive information, and, since the cloud is accessible from anywhere, the organization may never know if the data has been accessed by an unauthorized third party. The use of file-sharing services in phishing attacks also exposes an organization to attack since these malicious emails can slip past many email scanning solutions.
Protecting against these threats to the organization often requires protection against the effects of the attack rather than the attack itself. With cloud computing, the main threat is that an organization’s sensitive data is moved to a cloud environment without appropriate securing settings being applied. Deploying a robust data and file security solution can help an organization identify repositories of sensitive data and monitor access to them, allowing them to detect attempts to access or exfiltrate this data.
In the case of phishing attacks enabled by misuse of file-sharing services, the end goal of these attacks is either to steal employees’ login credentials or to install malware on the organization’s machines. Deploying multi-factor authentication (MFA) on an organization’s web pages and other services can easily be done in a scalable fashion and can ensure that an attacker with access to user credentials can still not gain access to protected services. Defending the organization against malware requires the deployment of a strong antivirus solution on the network perimeter and internal systems.