Given that 50 million people are using DropBox, it surely looks like an inviting attack vector for cyber adversaries. Jacob Williams (@MalwareJake) seems to have developed malware, DropSmack, to embed in a Word file already synchronized by DropBox to infect an internal endpoint and provide Command & Control communications.
What technical control do you have in place that would detect and block DropSmack? A network security product would have to be able to decode application files such as Word, Excel, PowerPoint, PDF, and then detect the malware and/or anomalies embedded in the document.
Can you prevent DropBox from being used in your organization? Should you? What about other file sharing applications?
Despite efforts to curb file-sharing, it’s booming. New file-sharing apps have been developed that are harder for enterprises to control.
The file-sharing landscape is slowly adjusting in response to the continued push for more anti-piracy tools, the final Pirate Bay verdict, and the raids and arrests in the Megaupload case. Faced with uncertainty and drastic changes at file-sharing sites, many users are searching for secure, private and uncensored file-sharing clients. Despite the image its name suggests, RetroShare is one such future-proof client.
If your Next Generation Firewall uses a Positive Control Model and monitors all 65,535 ports all the time you do not have to worry about these new file-sharing products because they will be blocked as unknown applications. Of course, before you go into production, you must investigate all of the unknown apps to assure that all business-required apps are identified, defined, and allowed by policy.
PaidContent uses the term “cyberlocker” to refer to browser-based-based file sharing applications which pose a new challenge to the music industry’s efforts to thwart illegal sharing of music, aka piracy.
The article highlights some of the better known applications like RapidShare, Hotfile, Mediafire, and Megaupload. It also points out that Google Docs qualifies as a cyberlocker, although it’s used mostly for Word and Excel documents.
What the article fails to mention is amount of malware lurking in these cyberlockers. The file you download may be the song you think it is or it may be trojan.
Palo Alto Network’s Applipedia identifies 141 file sharing applications, of which 65 are browser-based.
Any organization which has deployed Palo Alto Networks can control the use of browser-based file sharing with the same ease as the older peer-to-peer file sharing applications.
Furthermore, if you configure Palo Alto to block the “file sharing” sub-category of applications, not only will all of the known file sharing applications be blocked, but any newly discovered ones will also be blocked. However, there are valid business use cases for using a file sharing application. Therefore you would want an exception for the one you have selected.
Finally should you choose to allow a file sharing application, Palo Alto will provide protection against malware.
The U.S. Federal Trade Commission has notified nearly 100
organizations that data from their networks has been found on
peer-to-peer file-sharing networks, the agency said on Monday.
The FTC notices went to private and public entities, including schools
and local government agencies and organizations with as few as eight
employees to as many as tens of thousands, the FTC said in a statement.
The sensitive information about customers and employees that was leaked
could be used to commit identity fraud, conduct corporate espionage,
and for other crimes.
Unfortunately file sharing based on peer-to-peer technology is only a part of the problem. Some firewalls and most intrusion prevention systems (IPSs) can block peer-to-peer file sharing. However, the problem is actually much worse – the growth of browser-based file sharing applications designed to bypass most firewalls and IPSs.
Palo Alto Networks, a next-generation (as defined by Gartner) firewall vendor, recognizes and can control or block 88 different file sharing sharing applications. Of these, 40 use peer-to-peer technology, 39 are browser-based, and 9 are client-server. Therefore if your network security infrastructure can control or block peer-to-peer file sharing, you are solving less than half the problem.
For more information about the hundreds of applications that ought to be controlled or blocked, go to Palo Alto Network's Applipedia.