Cloud Security Risks: Malware On Your Favorite Cloud Services

The cloud is a grand way to collaborate with friends, family, and co-workers. I don’t believe I’d be capable of getting through my workday without Evernote, and while I don’t personally use Dropbox myself, I know plenty who swear by it like the Bible. But, are there cloud security risks with such tools, including malware?

What many people often forget is that it is possible for these popular cloud services to be the perfect avenue for malware delivery.

This unfortunate reality was underscored by the recent security scare involving Evernote, in which a backdoor malware known as VERNOT.A utilized Evernote as a platform through which data could be collected about an infected system and its user. This data was then relayed back to a Chinese Evernote account, the owner of which could remotely control the system. It was thought that Evernote was also used as a platform through which stolen data could be distributed, in addition to being the platform through which it could be stolen.

Thankfully, the account to which the malware was set up to deliver was shut down. For the time being, it doesn’t seem like a great deal of damage has been done. Crisis averted, right?

Well…not really.

“This isn’t the first time a public consumer cloud service has been used to communicate with Malware,” notes Ars Technica’s Sean Gallagher. “There have been multiple cases of hackers using Twitter to control their botnets, including last year’s Flashback botnet. The malware searched Twitter posts that included IP addresses to use for command and control servers if they lost contact with the last server used. The Makadocs backdoor used Google Docs in much the same way as Vernot used Evernote, acting as a communication channel between infected PCs and the command and control server.”

The problem, explained Trend Micro CEO Raimund Genes at a March question-and-answer session, is that most network administrators don’t pay services such as Dropbox, Evernote, or Box.net much mind. These platforms aren’t generally considered to be potential security risks, and thus they escape the notice and scrutiny of IT professionals. “Nobody’s going to block Dropbox or Box,” said Genes. Worse, he continued, the avenue of distribution isn’t the only area in which hackers are getting craftier: they’ve also changed the way their malware communicates.

“Many backdoor attacks now do most of their communication among infected systems within the network,” he explained. “This makes it even harder for intrusion detection systems to spot unusual activity, because the uploads appear more like legitimate traffic to those services.”

It’s all more than a little disconcerting, isn’t it? At this point, you’re all likely wondering what you can do to protect yourselves.

To be honest, safe browsing practices still go a long way towards keeping yourself free of malicious code. Given that this isn’t always guaranteed to work, however, you should make sure you don’t store any information that’s too personally identifiable on any cloud platform (at least for the time being).

It may also be prudent to speak to the IT staff at your place of employment, and ensure they’ve some sort of monitoring system in place to track the use of services such as Evernote. If they don’t…push for one.

Un-monitored and un-regulated, Evernote and its ilk could well end up being just one more security risk, regardless of how incredibly useful they are.
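
One way IT staff could start tracking use of these services, shown as an added example that is not part of the original article: a short Python review of web-proxy logs that flags per-host usage worth a second look. The log format, domain suffixes, approved-host list and thresholds are assumptions made for the illustration, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Services the article names as rarely scrutinized; domain suffixes are assumptions.
WATCHED = {"evernote.com": "Evernote", "dropbox.com": "Dropbox", "box.net": "Box"}
# Hypothetical policy: which internal hosts are expected to use which service.
APPROVED = {"Evernote": {"10.0.0.21"}, "Dropbox": {"10.0.0.21", "10.0.0.35"}}
UPLOAD_LIMIT = 1_000_000      # bytes per host per service per log window (assumed)
WORK_HOURS = range(7, 20)     # 07:00-19:59 local time (assumed)

# Constructed sample lines: timestamp client_ip method host bytes_sent
SAMPLE_LOG = """\
2013-04-02T09:14:03 10.0.0.21 POST www.evernote.com 5120
2013-04-02T09:20:41 10.0.0.35 PUT api.dropbox.com 2400000
2013-04-02T10:02:17 10.0.0.21 GET intranet.example.com 0
2013-04-03T03:00:05 10.0.0.58 POST www.evernote.com 812
2013-04-03T03:30:05 10.0.0.58 POST www.evernote.com 790
malformed line
"""

def service_for(host):
    """Map a hostname to a watched service by domain suffix, or None."""
    host = "." + host.lower().rstrip(".")
    return next((n for s, n in WATCHED.items() if host.endswith("." + s)), None)

def review(log_text):
    """Return {(client, service): [reasons]} for usage that needs a second look."""
    stats = defaultdict(lambda: {"bytes": 0, "off_hours": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue                      # skip lines with the wrong shape
        ts, client, _method, host, sent = parts
        service = service_for(host)
        if service is None:
            continue                      # traffic to hosts we are not tracking
        entry = stats[(client, service)]
        entry["bytes"] += int(sent)
        if datetime.fromisoformat(ts).hour not in WORK_HOURS:
            entry["off_hours"] += 1
    findings = {}
    for (client, service), e in stats.items():
        checks = [(client not in APPROVED.get(service, set()), "host not approved for service"),
                  (e["bytes"] > UPLOAD_LIMIT, "upload volume over limit"),
                  (e["off_hours"] > 0, f"{e['off_hours']} off-hours requests")]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings[(client, service)] = reasons
    return findings
```

None of these signals proves an infection on its own; they only give the service traffic the scrutiny that Genes says it usually escapes.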

Source: Ars Technica


Comments

  1. I use Dropbox…but I never install the software. I only use it via the browser – the way the original DropBoks was set up.

    People like and love convenience, like a cloud storage package that automatically synchs and updates your files without you having to touch your various devices…just touch the device and your data is there, no matter where you originated it.

    But for convenience, there’s a price. And when that Convenience requires software that communicates without your direct control, then you’re opening the door to the savvy hacker who’ll make use of that automated ‘File Doorman’ for his own purposes.

    • David Risley says:

      Actually, you can directly control it. You can specify exceptions, for example, if you don’t want things synched. Dropbox only sends up files that you allow it to.

      • You know it. And now that you told me, now I know that…except I never really needed to know about those controls because I always did things directly. I only uploaded something because I manually did it. If I didn’t upload it, that meant the info/File wasn’t important or necessary for whatever I was doing outside of my office or home.

        But the rest of the Digital World just clicks [OKAY] and lets the software install and operate on DEFAULT options. And DEFAULT means: Your Front Door is Open and Unlocked. Users need to stop presuming that DEFAULT takes ‘Care of them’ and scrutinize their digital ‘conveniences’.
