One thing about criminals is that they are smart business people. If something makes business sense, they’ll adopt it.
Like so many smart businesses around the world, cybercriminals are increasingly jumping on the cloud bandwagon.
We’ve seen examples of cybercriminals using cloud-based services to distribute malware. Today our researchers have found evidence that they’ve moved another piece of their attacks into the cloud. Specifically, Dropbox has been used in some targeted attacks for command and control (C&C) purposes.
Keep in mind, this isn’t a problem with Dropbox per se: it appears these cybercriminals have signed up for legitimate accounts but are using them for malicious ends. It does, however, demonstrate criminals’ propensity for hijacking legitimate services.
There are two important lessons from this latest development. First, cybercriminals recognize the business benefits of cloud services and so will likely continue to migrate from self-hosted (or compromised-server-hosted) attacks to cloud services. The other lesson is for CISOs and security managers: given that fact, it increasingly makes sense to block access to any cloud-based service for which there is no legitimate business need, and to monitor traffic to these services for suspicious patterns such as time of day, which devices are accessing them and frequency of access, among other things.
In the era of cloud computing, “reducing the attack surface” means limiting access to unneeded and unauthorized services.
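As an added illustration (not part of the original post), the monitoring suggested above can be sketched as a pass over web proxy logs that flags cloud-storage access by unapproved devices, outside business hours, or at an unusually high frequency. The log layout, device names, allow-list, hours and threshold are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

# Assumptions for this example: log layout, allow-list, hours and threshold.
CLOUD_DOMAINS = {"dropbox.com"}
APPROVED_DEVICES = {"LAPTOP-FIN-01"}   # devices with a legitimate business need
BUSINESS_HOURS = range(8, 19)          # 08:00-18:59 local time
MAX_REQUESTS_PER_HOUR = 20

# Constructed sample proxy log: "ISO-timestamp device destination-host"
SAMPLE_LOG = """\
2024-03-04T10:15:00 LAPTOP-FIN-01 www.dropbox.com
2024-03-04T03:02:00 LAPTOP-FIN-01 www.dropbox.com
2024-03-04T11:00:00 SRV-DB-02 api.dropbox.com
2024-03-04T11:05:00 LAPTOP-HR-07 intranet.example.com
""" + "".join(  # constructed: one request every two minutes for an hour
    f"2024-03-04T14:{m:02d}:00 WS-ENG-11 www.dropbox.com\n"
    for m in range(0, 60, 2))

def is_cloud_host(host):
    # Match the domain itself or a true subdomain, not look-alike names.
    return any(host == d or host.endswith("." + d) for d in CLOUD_DOMAINS)

def review(log_text):
    """Return a sorted list of (device, reason) findings."""
    findings = set()
    per_hour = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, device, host = parts
        if not is_cloud_host(host.lower()):
            continue
        when = datetime.fromisoformat(ts)
        if device not in APPROVED_DEVICES:
            findings.add((device, "unapproved device"))
        if when.hour not in BUSINESS_HOURS:
            findings.add((device, "outside business hours"))
        per_hour[(device, when.date(), when.hour)] += 1
    for (device, _day, _hour), count in per_hour.items():
        if count > MAX_REQUESTS_PER_HOUR:
            findings.add((device, "high request frequency"))
    return sorted(findings)

if __name__ == "__main__":
    for device, reason in review(SAMPLE_LOG):
        print(f"{device}: {reason}")
```
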
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.