According to the experts from security firm AppRiver, Danish-speaking users were hit by an unusual malware-based attack.
The attack hit Denmark, Germany, and several surrounding Scandinavian countries on Wednesday morning.
Danish-speaking users were infected by malware spread through Dropbox, but the company quickly adopted the countermeasures to stop the attack.
The exploitation of Dropbox by crooks is not a novelty, an attacker can use spam messages containing links to cloud storage that points malicious files, they leverage on the fact that usually there are no restrictions on the Dropbox traffic.
The researchers noticed that the attackers used a unique link for each malicious message on the hacking campaign, this circumstance suggests the attackers used an automated script to randomly create the Dropbox file shares.
“Lately we have seen more email providers tighten restrictions on what type of files can be sent/received as an attachment. In response, malware distributors, whom are always looking for a weakness to exploit, have embraced file sharing as an alternative means to distribute those malicious files. We expect this trend to continue throughout the year.” continues the analysis.
Troy Gill, security analyst at AppRiver, explained that Dropbox quickly replied to the attack, after two hours almost all the malicious links were disabled.
“I would say that after about an hour, we saw a lot of the links disabled,” he said. “After two hours, I was hard press to find a link that wasn’t disabled.”
Crooks sent out hundreds of thousands, maybe millions of messages.
How to protect companies from such kind of attacks?
Businesses can use spam filters, but a more aggressive approach implies the ban of emails embedding Dropbox links.
“If you wanted to be aggressive, you could ban inbound Dropbox content links,” he said. “And if you decided that your organization wasn’t going to use it, you could easily make a change to your spam filter or your web filter to block access to Dropbox entirely.”
(Security Affairs – DropBox, spam)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.