But now data storage has witnessed a massive breakthrough in technology, thanks to cloud storage solutions. Some of the prominent cloud storage services like Google Drive, Microsoft OneDrive, Dropbox, and Apple iCloud Drive made it dead simple to back up, store, and keep our documents synced across devices.
Although, this convenience came to the users at a cost of privacy. When we use any of the Big 4's major cloud services, we theoretically give them—or anybody who can hack them—access to whatever we keep on their cloud, including our financial and health information, as well as our photos, notes, and diaries.
One of the major reasons why user privacy is at stake is because all four prominent cloud service providers meagerly encrypt the documents while uploading. Since these documents are not end-to-end encrypted, it indicates that the user is the only one with the ability to decrypt.
Minimal encryption would mean that the service provider too holds the key to decrypt users’ documents, and is capable of doing so at all times. Moreover, in some severe instances, a hacker may as well get hold of the decryption key.
Out of the four major cloud services, Apple is the only service provider with Advanced Data Protection for iCloud, launched recently, which enables users to choose to have their documents end-to-end encrypted when stored in iCloud Drive. This makes Apple void of any access to the files, ensuring the user’s privacy. However, this setting is still optional, making the merely encrypted iCloud Drive a default setting.
Since the remaining three major cloud storage providers are yet to provide users with the choice of end-to-end encryption and taking into consideration the exploded usage of such personal cloud services in recent years, billions of users are currently at risk of getting their sensitive documents exposed to the third party.
It is possible to use the popular cloud storage services while preventing anyone who gains access to your account from seeing the files stored therein by encrypting those files prior to uploading them. The best part? You do not require a computer scientist or a security developer to do so. With the numerous applications, that are available for free, one could encrypt any file on one's own.
One such well-known encryption program is Encrypto, sponsored by a company called MacPaw. You may drag a file into the program, give it a password, and then encrypt it using industry AES-256 encryption. The software then enables you to save a file with an encrypted version (.crypto file type).
After encrypting the files, the user can now upload the encrypted version of the file to their preferred cloud storage provider rather than the original file containing sensitive data. If your cloud storage is then compromised, the attacker should be unable to open the Crypto file without knowing the password the user has established for it.
Encrypto is a cross-platform tool that works on both Macs and Windows PCs, despite the fact that MacPaw is known for producing Mac-specific utility apps. The recipient merely needs to download the free Encrypto app to be able to open sensitive documents that have been sent to them over email and have been encrypted using Encrypto (and you need to let them know the password, of course).
Another nice feature that the app possesses is that it enables users to set different passwords for each file they create. One can even include a password hint in the encrypted file to remind what password is being used in the file. Users are advised to establish a password that would be difficult to decipher through brute force or something that would be difficult to guess.
This being said, no matter the choice of app, encrypting the files yourself before uploading them to Google Drive Microsoft OneDrive, Dropbox, or iCloud Drive adds an additional layer of encryption and security to the sensitive data while still maintaining to reap the numerous benefits of cloud storage.
Cryptojacking is becoming a nightmare for customers and enterprises, and threat actors have started using various techniques to deploy cryptojackers on victims' systems. As per recent developments, cybersecurity software developer Bitdefender found a crypto jacking campaign exploiting Microsoft OneDrive vulnerability to get access and run without getting caught on compromised devices.
BitDefender report says:
"OneDrive was specifically chosen in this attack because it permits the actor to achieve easy persistence. Adding OneDrive to startup is an action done by the dropper malware, but even if it did not do so, OneDriveStandaloneUpdater.exe is by default scheduled to execute each day. Of the detections we received, 95.5% came from OneDriveStandaloneUpdater.exe loading the malicious secur32.dll."
From May 1 to July 1, Bitdefender identified around 700 users impacted by the campaign. The campaign operates using four cryptocurrency mining algorithms- Ton, XMR, Ethash, and Etchash. It makes an average of $13 worth of cryptocurrency per compromised device.
Cryptojacking is an unauthenticated exploit of computer manufacture for mining cryptocurrency. The threat actors in the recent cryptojacking campaign used a DLL sideloading vulnerability in OneDrive by writing a fake secur32.dll file. After the file is loaded into the OneDrive process, the fake secur32.dll will download open-source cryptocurrency mining software and install it into genuine Windows processes.
Sideloading is basically installing a code that has not been approved for running on a system by the developer of the machine's operating system. DLL files are a combination of small programs having instructions that can assist a larger program finish non-core tasks of the original program.
Meanwhile, the OneDrive sideloading campaign is used only in cryptojacking, DLL side-loading is also used for the deployment of ransomware or spyware. Besides this, as cryptocurrency minutes are resource-sensitive, the victims can instantly see falling CPU and GPU performance, increased energy consumption, and overheating, these issues can ruin expensive hardware.
OneDrive, by default, is set to reboot on a daily basis, and the threat actors behind the latest cryptojacking campaign were found to run the OneDrive.exe process to run after a reboot, even if the user shuts it down. The attackers use this method to gain persistence. In 95% (estimated) of the findings, the scheduled reboot was found to deploy the infected secur32.dll.
"Given that the “per machine” installation method may not be suitable for all environments and privilege levels, user caution should be one of the strongest lines of defense against commodity malware. Bitdefender recommends that users ensure their AVs and operating systems are up to date, to avoid cracked software and game cheats, and to download software from trusted locations only"-Bitdefender report.