Dropsmacked and Boxed In: Understanding the New Threats in Online File Sharing

File synchronization and sharing (FSS) is a hot technology category; Forrester has even called it "the hottest since social networking". According to Forrester, usage quintupled between 2010 and 2012, and over 25% of IT workers now use an FSS service to do their jobs, whether or not their employers provide one. Some of the risks from these services are obvious: they act as a firehose moving data from IT-managed devices and infrastructure to unmanaged mobile devices, home computers and third parties. Other critical risks are far less apparent.

The first type of risk is exemplified by an aerospace firm that received a call from Box's sales team asking whether it wanted to upgrade its accounts to the enterprise service. The problem was that the firm had never signed up for Box: attackers had created accounts for the company on the cloud service, and from there uploaded and downloaded data. The second type is illustrated by a clever piece of malware called DropSmack. Using Dropbox, an attacker can sync files from an employee's home PC onto computers inside protected networks, and can even use that same sync channel as the command and control path for the malware itself.

There are several techniques organizations can use to identify and counter these threats, which depend on enterprise networks not blocking the cloud file sharing services used in such attacks. However, blocking these services only solves part of the problem: employees often keep using shadow IT until a corporate-sanctioned FSS tool meets their needs. And given users' propensity to move files elsewhere en masse, data-centric security plays a key role in mitigating the risk from these threats.
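Both attack patterns above leave a footprint on the corporate network: the Box case means corporate hosts talking to an FSS account the company never provisioned, and the DropSmack case means a sync client on a protected host polling Dropbox at a steady cadence. The script below is an added example written for this page, not a technique from the talk or a tool from either vendor. It triages constructed proxy log lines (epoch, client IP, method, host, bytes sent, bytes received) for FSS traffic and flags two things: bulk uploads to an FSS service and regular low-volume polling. The domain list, log format and thresholds are all assumptions chosen for illustration.

```python
"""Triage proxy logs for cloud file-sharing (FSS) traffic worth a closer look.

Added example for this page, not the talk's own tooling. Log line format is
constructed for the example:  <epoch> <client_ip> <method> <host> <sent> <recv>
"""
from collections import defaultdict
from statistics import pstdev

# Assumed domain-to-service map; a real deployment would maintain this list
# from the vendors' published endpoints rather than hard-coding it.
FSS_DOMAINS = {
    "dropbox.com": "dropbox",
    "dropboxapi.com": "dropbox",
    "dropboxusercontent.com": "dropbox",
    "box.com": "box",
    "boxcdn.net": "box",
}

BULK_UPLOAD_BYTES = 50 * 1024 * 1024   # assumed: flag >= 50 MiB sent to one service
MIN_POLLS = 6                          # assumed: minimum requests to judge cadence
MAX_JITTER_FRACTION = 0.2              # assumed: stdev/mean of inter-request gaps


def classify_fss(host):
    """Return the FSS service name if host is a listed domain or a subdomain of one."""
    parts = host.lower().rstrip(".").split(".")
    for i in range(len(parts) - 1):          # try every registrable suffix
        suffix = ".".join(parts[i:])
        if suffix in FSS_DOMAINS:
            return FSS_DOMAINS[suffix]
    return None


def parse_line(line):
    ts, ip, method, host, sent, recv = line.split()
    return {"ts": int(ts), "ip": ip, "method": method,
            "host": host, "sent": int(sent), "recv": int(recv)}


def summarize(lines):
    """Aggregate request count, byte counts and timestamps per (client_ip, service)."""
    agg = defaultdict(lambda: {"requests": 0, "sent": 0, "recv": 0, "times": []})
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        service = classify_fss(rec["host"])
        if service is None:
            continue                      # not FSS traffic, ignore
        a = agg[(rec["ip"], service)]
        a["requests"] += 1
        a["sent"] += rec["sent"]
        a["recv"] += rec["recv"]
        a["times"].append(rec["ts"])
    return agg


def is_regular_polling(times):
    """True when at least MIN_POLLS requests arrive at near-constant intervals."""
    if len(times) < MIN_POLLS:
        return False
    ts = sorted(times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and pstdev(gaps) / mean <= MAX_JITTER_FRACTION


def findings(lines):
    """Return {(client_ip, service): [reasons]} for the hosts to investigate."""
    out = {}
    for key, a in summarize(lines).items():
        reasons = []
        if a["sent"] >= BULK_UPLOAD_BYTES:
            reasons.append("bulk upload")
        if is_regular_polling(a["times"]):
            reasons.append("regular polling (sync client or C2 heartbeat)")
        if reasons:
            out[key] = reasons
    return out


# Constructed sample log: one host heartbeating to Dropbox every 60 s, one host
# pushing ~80 MiB to Box, and one host merely browsing.
SAMPLE_LOG = [
    *(f"{1360000000 + 60 * i} 10.0.0.5 POST api.dropbox.com 412 298" for i in range(8)),
    "1360000100 10.0.0.7 POST upload.box.com 83886080 512",
    "1360000200 10.0.0.9 GET www.dropbox.com 640 18200",
    "1360003500 10.0.0.9 GET www.dropbox.com 640 18200",
    "1360000300 10.0.0.9 GET www.example.com 500 9000",
]

if __name__ == "__main__":
    for (ip, service), reasons in sorted(findings(SAMPLE_LOG).items()):
        print(f"{ip} -> {service}: {', '.join(reasons)}")
```

The cadence check cannot tell a legitimate Dropbox client from DropSmack riding inside one; it only tells you which protected hosts have a live sync channel, which is exactly the population the second paragraph says an attacker needs. That is why the abstract's closing point holds: the network view locates the channel, and data-centric controls are what limit what can travel over it.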