How hackers can penetrate any organisation via enterprise file sharing platforms


Hackers always seem to find a way. While organizations may be very well protected in their core networks, with up-to-date anti-virus and malware-detection systems, attackers have other routes to the data or system control they seek. Organizations are beginning to understand that they are vulnerable – very vulnerable – via content collaboration platforms (CCPs) such as Box, Dropbox, Citrix, Google, or Egnyte.

The use of CCPs makes execution of the dreaded “cyber kill chain” easier and more efficient for hackers. With many users collaborating on documents, all hackers need is one victim, often easily acquired via social engineering, and they are able to spread their malware joy throughout an organization, with virtually nothing to stop them.

Organizations – even those that are well-defended with the latest security patches and updates – can just as easily find themselves victims of a CCP attack. Most organizations use a dual-pronged policy to protect their IT systems; along with internal controls (sandboxes, anti-virus, etc.), they also emphasize safe user practices. The latter is a bit problematic, though, because you can only go so far in attempting to protect systems by avoiding human error. Employees make honest mistakes, and all it takes is one engaging, innocent-looking file to trick just one of them into opening a malicious document.

That is a key to success for hackers utilizing CCPs. Unlike a company's email system, for example, the CCP is not under the control of the IT department. While security breaches can (and do) happen with files sent by email, they can just as easily happen with files accessed on CCPs, as will be described below, regardless of the level of security in an organization's IT system. In fact, the loss of control over IT functions engendered by CCPs is part of the problem.

How? File sharing solutions are designed to be used by the entire organization, allowing for optimized internal workflows and improved communication between coworkers and customers. And they make the process simple and intuitive for everyone involved. But it is precisely the features that make CCPs so useful to an organization that provide hackers with the tools they need to easily breach an organization's defenses and establish a strong, malicious foothold – right under the IT department's nose.

To gain access to an organization's machines, all it takes is for a hacker to infect an employee’s home machine, planting malware that will eventually find its way onto the office computer and network via CCP documents – a task easily accomplished using an appropriate social-engineering phishing message that will compel the employee to open a document and load it onto the sharing platform. Once a single file in the cloud repository is contaminated, every user in the organization with access to that file is a potential collaborator in the attack, with the entire organization now at risk of data theft and malware infection. And it might be a while before anyone even notices there was a breach.

Contributing to this problem is how employees use CCPs to share files. Some files get passed around quite a bit, either internally or externally – and files shared through links that can be viewed by anyone on the web who has the link are at the highest risk of exposure. Employees are often unaware of the danger in sharing files. Furthermore, practices such as reusing passwords across different apps, or using simple passwords with just a few characters, are just as damaging. This lack of appropriate user security policies across departments makes it easier for cybercriminals to gain access to sensitive data, leaving data largely unprotected.

And often the CCPs themselves are no help; in fact, some CCPs clearly state that they employ an anti-virus engine as their only means of cyber-defense, advising users to exercise caution when opening files. Once a file is opened, it can be synced with any user that has access to the account, or any user with access to the file's link, without their even being logged in – which means that the IT system is, essentially, toast. The breaches of some of the biggest content collaboration platforms in recent years – including Yahoo, Microsoft, and Dropbox – just emphasize the point.

So does that mean companies shouldn't use CCPs? That's actually the wrong question; at this point, no one is going to give up the convenience of CCPs. What's needed is a way to protect the organization from infected files – and to do that, you need a robust cybersecurity system that will inspect anything entering the IT system, from any source. A system like this would do a “deep dive” on files, examining them for hidden malware or rogue code. The system could clean up the offending code or malware, and only then place it in the CCP repository.   

Instead of uploading a file directly to a CCP, the employee could upload it to a company server which would do the required work on the file, ensuring that it was safe enough to allow onto the CCP – with the system checking it each time an employee collaborating on the document tries to save their changes. For organizations working with CCP platforms, this is an ideal solution – one that ensures they get the full benefit of the ease of use and smooth collaboration features CCPs offer, while avoiding the inherent risks involved – and allowing IT departments to once again take ownership of the organization's data.   
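A minimal sketch of the inspect-before-release flow described above, added here as an illustration and not code from the article or from any vendor. The names `UploadGate`, `inspect_ooxml` and `make_docx` are hypothetical, a dict stands in for the CCP repository, and the gate quarantines flagged Office files rather than cleaning them.

```python
import hashlib
import io
import re
import zipfile

# Constructed policy for this example: OOXML parts that carry active content.
ACTIVE_PARTS = ("vbaproject.bin", "/embeddings/", "/activex/")
REL_TAG = re.compile(rb"<Relationship\b[^>]*>")

def inspect_ooxml(data: bytes) -> list:
    """Return reasons to hold the file back; an empty list means no finding."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not a valid OOXML (zip) container"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if any(marker in name for marker in ACTIVE_PARTS):
                findings.append(f"active content part: {info.filename}")
            if not name.endswith(".rels"):
                continue
            # External relationships other than plain hyperlinks can pull in
            # remote templates or objects when the document is opened.
            for tag in REL_TAG.findall(zf.read(info)):
                if b'TargetMode="External"' in tag and b'/hyperlink"' not in tag:
                    findings.append(f"external relationship in {info.filename}")
    return findings

class UploadGate:
    """Sits in front of the CCP; every upload and every save calls submit()."""
    def __init__(self):
        self.repository = {}   # stand-in for the CCP repository: path -> sha256
        self.quarantine = {}   # held back for analyst review

    def submit(self, path: str, data: bytes) -> str:
        findings = inspect_ooxml(data)
        digest = hashlib.sha256(data).hexdigest()
        if findings:
            self.quarantine[path] = (digest, findings)
            return "quarantined"
        self.repository[path] = digest   # last version that passed inspection
        return "released"

def make_docx(extra_parts: dict) -> bytes:
    """Build a minimal, constructed OOXML-like zip for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        for name, body in extra_parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Because each save goes through `submit()` again, a collaborator's edit that introduces a macro is held back while the repository keeps the digest of the last version that passed.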

Aviv Grafi, CEO of Votiro 

Image Credit: Sergey Nivens / Shutterstock