Cloud storage has become something really used by users for their day to day. We can make use of this type of tool for very varied purposes, such as saving documents, sharing files, creating backup copies, freeing up disk space … Among the most popular platforms we can name Google Drive, OneDrive or Dropbox . Now, they can also be used by hackers to attack. We will explain in this article how you can use it for this.
How they can use cloud storage to attack
Hackers are constantly perfecting the way they attack victims over the network. However, they usually make use of services or platforms that are very popular, that have many users. In this way they can have a greater chance of success. Hence, they make use of services such as OneDrive, Dropbox or Google Drive to infect and carry out attacks.
Undoubtedly one of the most common attacks on the Internet today, and also when using platforms such as Google Drive, OneDrive or Dropbox, is Phishing . It basically consists of impersonating a legitimate platform, a company or any organization. They could even impersonate a particular user.
The goal is to gain the victim’s trust so that they download a file or click a link to log in. We can say that this type of attack is present in cloud storage platforms. We may come across emails that reach us, links on web pages or messages inviting us to log into our account but in reality we are exposing all the data.
We already saw in a previous article what we can do to avoid Phishing attacks.
Vulnerabilities in the service
Attacks on these services that exploit vulnerabilities have occasionally been detected. Hackers find flaws that appear on the platform, whatever they are, and manage to exploit them.
In this way, they have the possibility of accessing user accounts, stealing information or modifying the service to infect with malware.
This can also happen if we are using a tool without updating. Hence the importance of always having the latest versions, both of the applications we use and of the device itself.
Fake apps or plugins
Undoubtedly third-party applications or add-ons that are often maliciously modified are also a major problem. As we know, sometimes we can add different plugins that provide us with added functions and features. Now, are they really safe?
Our advice is that whenever we are going to install a program such as to use cloud services, we download them from official sources. You have to avoid third-party tools that may have undergone some modification to steal data.
Also noteworthy is the theft of passwords on cloud storage platforms such as Dropbox, OneDrive or Google Drive. They can use Trojans, keyloggers or any variety of malware to gain our credentials and thus gain access to the account. They can use it on our behalf even to infect third parties.
To avoid this our main advice is to use passwords that are strong and complex. They must contain letters (uppercase and lowercase), numbers, and other special symbols. It is also interesting to activate two-step authentication, something that is increasingly present in this type of service.
Finally, another very common attack method through services such as OneDrive, Dropbox or Google Drive is to use fake links . They can reach us through messaging programs such as WhatsApp, social networks such as Facebook or simply by browsing the Internet.
These links can purportedly contain a file to download from these platforms. However, sometimes they are actually hosted by other services that use the name or image to deceive and it is malware.
Ultimately, these are some of the attack methods that can be used through cloud storage platforms. It is very important to always maintain security. You can see a tutorial with security tips in the cloud.