Cybercriminals: They’re just like us! At least, their choice of cloud storage isn’t so far off from your average non-despicable data thief. Instead of using dedicated servers to hoard stolen data, hackers have taken to using popular consumer products like Google Drive and Dropbox.
“What it comes down to is, the criminals are using the same business logic that is driving people to move more and more operations to the cloud for legitimate business,” Christopher Budd, the global manager of threat communications for cloud security firm Trend Micro, told me. After all, why shell out for dedicated crime servers when you can just use the free, convenient storage that services like Google Drive and Dropbox offer? There is no reason, hence the uptick.
Trend Micro recently uncovered a scheme where people installed malware to siphon PDFs, DOCs and other document files off computers and onto Google Drive. This comes after similar malware, which enables criminals to store stolen files on Dropbox, was uncovered.
For Google Drive storage, the malware embeds a refresh token, which Google requires as part of its OAuth 2.0 protocol. The malware is also written in Go (golang), Google’s programming language.
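One way a defender might hunt for this pattern in egress telemetry, as an added example that is not from the original article or from Trend Micro: it flags any process outside an allowlist that posts to a Google OAuth 2.0 token endpoint and then uploads to the Drive API shortly afterwards. It assumes a TLS-inspecting proxy or endpoint agent that records process name and URL path; the log format, host names, process names, allowlist and time window are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: the only processes expected to call Google APIs in this environment.
ALLOWED = {"chrome.exe", "firefox.exe", "googledrivesync.exe"}
# Google OAuth 2.0 token endpoints, where a refresh token is exchanged for an access token.
TOKEN_ENDPOINTS = {
    ("oauth2.googleapis.com", "/token"),
    ("accounts.google.com", "/o/oauth2/token"),
    ("www.googleapis.com", "/oauth2/v4/token"),
}
UPLOAD_HOST, UPLOAD_PREFIX = "www.googleapis.com", "/upload/drive/"
WINDOW = timedelta(minutes=10)  # assumed gap allowed between refresh and upload

# Constructed sample: time, host, process, method, destination, path, bytes sent.
SAMPLE_LOG = """\
2024-01-01T09:00:02 WS-014 chrome.exe POST accounts.google.com /o/oauth2/token 612
2024-01-01T09:00:05 WS-014 chrome.exe POST www.googleapis.com /upload/drive/v2/files 48211
2024-01-01T09:14:40 WS-022 svcupd.exe POST accounts.google.com /o/oauth2/token 598
2024-01-01T09:14:43 WS-022 svcupd.exe POST www.googleapis.com /upload/drive/v2/files 1048576
2024-01-01T09:14:51 WS-022 svcupd.exe POST www.googleapis.com /upload/drive/v2/files 734003
2024-01-01T09:40:00 WS-031 backup.exe POST www.googleapis.com /upload/drive/v2/files 2048
"""

def find_suspect_uploads(log_text):
    """Return {(host, process): {"uploads": n, "bytes_out": n}} for unexpected
    processes that refresh a Google token and then upload to Drive within WINDOW."""
    last_refresh, findings = {}, {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip blank or malformed records
        ts, host, proc, method, dest, path, size = fields
        if proc.lower() in ALLOWED or method != "POST":
            continue
        when, key = datetime.fromisoformat(ts), (host, proc)
        if (dest, path) in TOKEN_ENDPOINTS:
            last_refresh[key] = when
        elif dest == UPLOAD_HOST and path.startswith(UPLOAD_PREFIX):
            seen = last_refresh.get(key)
            if seen is not None and when - seen <= WINDOW:
                hit = findings.setdefault(key, {"uploads": 0, "bytes_out": 0})
                hit["uploads"] += 1
                hit["bytes_out"] += int(size)
    return findings

if __name__ == "__main__":
    for (host, proc), hit in find_suspect_uploads(SAMPLE_LOG).items():
        print(host, proc, hit)
```

The rule keys on the refresh-then-upload sequence, so the lone `backup.exe` upload in the sample is not flagged; a site that wants every unexpected Drive upload reported would drop the refresh requirement.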
It’s important to note, plainly, that Google itself is not compromised. This is not Google’s fault, and until Google comes up with a way to detect stolen files on Drive, it won’t have a way to stop it.
“There’s nothing special about Google Drive here. At some point, it’s going to be Microsoft’s OneDrive,” Budd said. “We’ve already seen Dropbox. We’ve seen Evernote. All of these free cloud-based services are viable candidates.”
I’ve asked Trend Micro exactly how many people they believe are affected or at risk from these attacks, and I’ll update when I hear back. It might be a very small group, so there’s no need to freak out. I’ve also asked Google how it is responding to the incident and whether it has any advice to help people protect themselves.
Budd believes the key way to prevent files from getting stolen in this way is to keep your software updated. [Trend Micro]