Cloud Security , Next-Generation Technologies & Secure Development

Dropsmacked and Boxed In: Understanding the New Threats in Online File Sharing

Dropsmacked and Boxed In: Understanding the New Threats in Online File Sharing

Online file sharing technologies are pervasive, as mobility and collaboration continue to increase. This means unprecedented exodus of organization's data through consumer file sharing services. But hackers have also begun to use services such as Dropbox and Box to exfiltrate sensitive data, or even as command and control mechanisms for malware.

See Also: Live Webinar | 2021: A Cybersecurity Odyssey

Join this webinar to learn:

  • How and why these threats are effective against most defenses;
  • How to identify threats in your own organization;
  • How proactive enterprises are taking action to mitigate their risks.


File synchronization and sharing is a hot technology category - Forrester has even called it "the hottest since social networking". According to Forrester, usage has quintupled from 2010 to 2012 and over 25% of IT workers now use an FSS technology to do their jobs, whether provided by their employers or not. Some of the risks from these services are obvious: they serve as a firehose to get data from IT-managed devices and infrastructure to unmanaged mobile devices, home computers and third parties. But other critical risks are not immediately apparent.

The first type of risk is exemplified by a breach at an aerospace firm that received a call from the file-sharing service's sales team asking if it wanted to upgrade its accounts to Box's enterprise service. The problem was they had never signed up for Box: hackers created accounts for the company on the cloud service. From there, the attackers uploaded and downloaded data. The second type is illustrated by a clever piece of malware called DropSmack - using Dropbox, an attacker can sync files from home PCs onto computers on protected networks, and can even use that sync functionality to have Dropbox serve as the command and control for the malware itself.

There are several techniques that organizations can leverage to identify and counter these threats, which rely on enterprise networks not blocking cloud file sharing services that can be used in these sort of attacks. However, blocking these services only solves part of the problem, as employees often continue to use shadow IT until a corporate-sanctioned FSS tool can address their needs. In addition, given the propensity of users to move files elsewhere en masse, data-centric security plays a key role in mitigating the risk from these threats.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.