Nearly 90% of businesses are pursuing a digital-first strategy as their processes become digitized and data-driven. To increase productivity, people are moving from communicating primarily via email to other, more convenient cloud-based collaboration services – messaging, social networks, and cloud storage (together known as EC&C – Enterprise Communication & Collaboration apps).
Risks of Cloud Storage.
While some of these channels are managed by the IT team, many are being utilized “in the shadows”, where employees are exchanging sensitive information, on a daily basis, both internally and externally with suppliers and customers.
Amongst these services are cloud storage applications like Dropbox, Box and OneDrive, which are focused on file sharing and syncing between stakeholders.
However, with the productivity gains delivered by cloud storage apps, also come new security loopholes, and consequent risks.
Despite widespread adoption, OneDrive, SharePoint, Dropbox, etc. lack the advanced security measures that have been instrumental in securing email, endpoints and networks, creating security blindspots that pose a significant cybersecurity risk.
Within cloud storage apps, people are sharing many types of files, including Office and Adobe – the same content that is being weaponized by attackers to deliver malware through email. More importantly, just like email, cloud storage is not just an internal tool but one where 60% of companies(1) are also sharing content with outside customers, suppliers and other unmanaged third parties. This means that these channels are essentially a potential entry point for an attacker to infiltrate a target and damage it.
CASB Cloud Security.
More and more organizations are starting to implement a CASB (Cloud Access Security Broker) to protect their cloud services. A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure.
CASB security is designed to actively monitor access and data leakage, and to enforce policies that will ensure controlled exposure of private and sensitive organizational information.
However, CASBs are not designed for threat detection, including the detection of malicious files, URL or social-engineering attempts, nor are they able to provide forensics on any such attacks. If an organization is only reliant on CASB security for their cloud storage securit, they are likely still very exposed when it comes to the risks of cloud storage and collaboration apps.
Cloud storage-borne attacks
There are three main attack vectors targeting cloud storage that we see in the wild.
(1) Insider Threat is a malicious attack that comes from within the organization. In most cases, it comes in the form of an unhappy employee that uploads a file to the company’s shared drive for others to download.
(2) Another potential source of attack is a Malicious File or URL that enters the organization from an outside source. An example for such a case can be a supplier that syncs a malicious file with a shared folder that is used to transfer files on an ongoing basis.
(3) Impersonation (Account Take Over) is when an attacker takes over a legitimate account or inserts himself into a message thread. In this case, the attacker can send an email with a link to a malicious shared file on the drive.
A real life risk of cloud storage
Perception Point has seen several such attacks within our customer’s cloud storage platform.
One of the most interesting was an attack on a Fortune-500, 100K employee organization using OneDrive & SharePoint. Perception Point’s system identified a malicious VB script file on their OneDrive. The VB script, which included evasion techniques, was actually a worm.
The attacker obfuscated the file to cover his/her malicious intent, making the code look like “nonsense”. Only one row was really a command, which by itself was also obfuscated.
Perception Point ran the malicious file in a contained environment. Once the script/worm was activated, it sent an error message stating the file has failed to start. However, the file changed all the folders in the “C” drive to shortcuts. If the user clicks on a file/shortcut, malicious code is activated.
Because the file resides in the cloud storage it would have remained undetected for a very long time, eventually impacting any employee who opened it and quite possibly the wider organization.
What you can do to protect cloud storage apps
Once understanding the full risks of cloud storage, including unprotected cloud storage services, the CISO must form a strategy to protect it. This strategy should have two main threads:
1. Security experts must treat this vector like they would treat any other point of communication with the outside world: monitor the content of the traffic, enforce policies to meet the organizational standards, and implement security measures designated to protect it.
2. Mitigate the threat once discovered. In the world of cloud storage, one successful infiltration can escalate and harm the entire organization. CISOs must leverage a holistic, centralized threat detection mechanism to monitor the threat and make sure does not spread across the network and the endpoints.
Perception Point’s solution for cloud storage security risks
Perception Point’s platform takes a holistic approach to cloud storage security risks, by preventing threats across all cloud services in the organization within one unified system. The same layers of protection built to protect e-mail (threat intelligence, anti-phishing, anti-impersonation, detonation, and more) are applied to protect cloud storage and other cloud collaboration services. Our cloud storage solution prevents malicious content (files & URLs) from being uploaded, downloaded or used to infect previously clean files across all major Cloud Storage platforms.