Wednesday, July 17, 2013
Hackers using Dropbox to distribute malware
Secure File Transfer
Without question, Dropbox has established itself as one of the world's most useful and popular file sharing resources. With Dropbox, a user can easily upload files from one computer and then access them via another, or through a mobile device. Similarly, friends, family and coworkers can be granted access to a given account, making file sharing easy. This level of flexibility and availability is extremely attractive to millions of people who rely on the service regularly.
However, for all of the benefits offered by Dropbox, it is also critical to note the resource's shortcomings. Most notably, the basic version of Dropbox is consumer-grade and, essentially, unprotected. Consequently, there is always a risk that files stored and shared via Dropbox will be exposed, stolen or lost, or used as part of a cyberattack.
That is why many industry experts believe that Dropbox and other consumer-grade box file sharing options are only acceptable for personal use and non-sensitive data. When it comes to businesses, firms should instead invest in high-quality secure file sharing solutions that can guarantee the integrity of the organization's information and network.
This point was recently driven home by the revelation that a group of Chinese hackers has recently been using Dropbox as a means of spreading damaging malware.
The cyberattacks were identified by digital security firm Cyber Squared. According to the firm, the Chinese cyber?-espionage team has been using Dropbox as a means of spreading malware for approximately 12 months.
"The attackers have simply registered for a free Dropbox account, uploaded the malicious content and then publicly shared it with their targeted users," a Cyber Squared blog post explained. As a result, "the attackers could mask themselves behind the trusted Dropbox brand, increasing credibility and the likelihood of victim interaction with the malicious file from either personal or corporate Dropbox users."
Cyber Squared pointed out that the Chinese hackers did not exploit any weaknesses inherent to Dropbox, but rather took advantage of the very nature of the program and how it is used to gain access to users' computers and networks.
This incident emphasizes the importance for businesses of providing employees with a secure file sharing solution. If no such resource is made available, workers will likely turn to popular, less protected options, such as Dropbox, thereby putting the entire company at risk.
Critically, firms must prioritize ease of use when selecting file sharing solutions. Even when employees appreciate the importance of protecting corporate data, there are limits to the hoops they are willing to jump through to achieve this goal. If the organization provides a solution which is cumbersome and time-consuming, workers will likely abandon it in favor of a more convenient option, such as Dropbox.
However, if the firm makes sure that its secure file sharing solution is also simple and quick to use, employees will have no incentive to turn to less reliable resources.