Dropbox, a file hosting service, is the latest victim of a phishing attack: attackers gained access to one of its GitHub accounts using employee credentials and stole 130 code repositories.
The attack (which was identified on October 14th, 2022) targeted multiple Dropbox employees with emails that impersonated the CircleCI continuous integration and delivery platform and redirected them to a phishing landing page, where they were asked to enter their GitHub username and password.
In this instance, Dropbox had controls that limited the spread of this attack and significantly reduced the extent of the compromise. While no breach is good, this one (it appears at this time) was contained because of the extra security layers the company had implemented to protect sensitive data. These types of attacks serve as a constant reminder that employees’ identity is now the perimeter of the organization, and businesses must remain diligent in implementing proper identity and access management solutions to stay ahead of phishing campaigns.
To prevent similar incidents from happening again, Dropbox aims to adopt WebAuthn, an open standard that allows web servers to register and authenticate users using asymmetric cryptography.
Considering the ramifications for Digital Journal is Almog Apirion, CEO & Co-Founder of Cyolo.
Apirion looks at the ‘insider threat’ and the associated vulnerability with employees: “Far too often employees fall victim to phishing attacks, placing sensitive company assets at risk of malicious threats. The important piece to recognize in this case is that systems and processes were in place to detect symptoms of a breach and allowed the afflicted organization to jump right on their investigation and notify all of those affected.”
A further issue is the changing way that work is organised, especially the increase in home working. Here Apirion points out: “With the rise of remote work, it has become challenging for organizations to implement perimeter security systems. Often, they are attempting to determine how to safeguard employees while they are no longer physically present in the office.”
There are some strong lessons to be drawn from this incident and others like it. According to Apirion: “These types of attacks serve as a constant reminder that our identity is now the perimeter of our organization. By increasing the adoption of zero trust practices, businesses can ensure the validation of all users, limit the applications each user is entitled to, and capture a full audit trail for forensic and compliance needs.”