Page 23 - Check Point 2013 Security Report

03

_ APPLICATIONS IN THE ENTERPRISE WORKSPACE

024

Sharing is Not Always Caring

The term ‘Sharing is caring’ usually means that if someone

shares with others, they care about them. When sharing

files using File Storage and Sharing Applications in

workplace environments, this is not always the case. One

Top File Storage & Sharing Applications

(% of Organizations)

More info on top File Storage and Sharing Applications is available in Appendix B.

Source: Check Point Software Technologies

51

%

Windows Live Office

9

%

Microsoft SkyDrive

22

%

YouSendIt

13

%

Sugarsync

10

%

PutLocker

69

%

Dropbox

Chart 3-G

From July to September 2011, an attack campaign

tagged as :“Nitro” took place. Attackers used an off-

the-shelf Remote Access Tool called Poison Ivy to sniff

out secrets from nearly 50 companies, many of them

in the chemical and defense industries. Poison Ivy was

planted onWindows PCs whose owners were victims of

a scam delivered via email. The emails touted meeting

requests from reputable business partners, or in some

cases, updates to antivirus software or Adobe Flash

Player. When users opened the message attachment,

they unknowingly installed Poison Ivy on their

machines. From there the attackers were able to issue

instructions to the compromised computers, troll for

higher-level passwords to gain access to servers hosting

confidential information, and eventually offload the

stolen content to hacker-controlled systems. 29 of the

48 firms that were successfully attacked were in the

chemical and advanced materials trade - some of the

latter with connections to military vehicles - while

the other 19 were in a variety of fields, including the

defense sector21. Nitro is not the only example of the

misuse of RAT, other examples are the RSA breach,

ShadyRAT and Operation Aurora. In all these cases

Poison Ivy was utilized.

HACKED BY REMOTE ACCESS TOOLS

of the prominent characteristics of Web 2.0 is the ability

to generate content and share it, but this also presents a

risk. Sensitive information can get into the wrong hands

by sharing confidential files. Our research includes high

risk File Storage and Sharing applications that may cause

data leak or malware infection without user knowledge.

Our research shows that 80% of organizations have at

least one file storage or file sharing application running on

their network. We found that 69% of events are a result

of Dropbox usage. Windows Live Office is on the second

place with 51%.

High Risk Applications Usage per Industry

Check Point analyzed the usage of high risk applications

from an industry point of view. Chart 3-E indicates that

Industrial and Governmental organizations are the most

extensive users of high risk applications. There are cases

where the use of some of these applications might be a

legitimate use in an organization, for example the use of

remote administration tools by help desk, therefore the

horizontal bar in the chart indicates the probability level

of legitimate usage in a business environment.

80% OF ORGANIZATIONS

USE

FILE STORAGE &

SHARING

APPLICATIONS