Earlier this year, a small aerospace company asked AccessData, a forensics and security firm, to investigate how its data had ended up on file-sharing service Box.com. The firm, which AccessData declined to identify, had received a call from the file-sharing service's sales team asking if it wanted to upgrade its accounts to Box's enterprise service.

The only problem: The aerospace company had never signed up for Box.

AccessData's investigation revealed that malware had compromised the systems of six employees at the company and created accounts for each of them on the cloud service. From there, the attackers uploaded and downloaded data. "Traffic going to Box.com seems pretty innocuous, so from the attacker's perspective, this is brilliant," says Jordan Cruz, senior forensic consultant for AccessData.

This type of targeted attack, sometimes filed under the heading advanced persistent threats (APTs), is increasingly being used to gain access to proprietary and confidential enterprise data. Read full story on Dark Reading


Post a comment to the original version of this story on Dark Reading