Amichai Shulman, CTO of Imperva, said: "I think that this is a good example of the difficulty with current detection techniques. In the beginning, people believed that they could detect the actual malware (classic AV solutions); then gradually industry came to the realization that this is futile, and modern solutions are looking to detect the C&C traffic, mostly by IP address, host names and URLs. This incident, like previous ones which used Twitter, Facebook and different forums as C&C for botnets, shows that this approach is also sloping into the trough of diminishing returns. It emphasizes the need for solutions that attempt to detect the essences of what attackers are after – unauthorized access to data inside the organizations. It is a wake-up call for the industry to introduce a new breed of solutions that detect abusive data access patterns in the data center, before the current generation of solutions becomes useless."
And Tim Erlin, director of security and strategy at Tripwire, said: "When a platform like Dropbox reaches a level of acceptance and market penetration, its utility becomes obvious to criminals as well as legitimate users. The fact that many businesses allow traffic to and from Dropbox makes it an ideal communication channel in which malware might hide. Businesses that don’t use Dropbox should consider monitoring traffic to the service and identifying systems in their environment where Dropbox is already installed."