Mozilla has suspended the new Firefox Send service just four months after in launched, due to criminals increasingly using it as a malware delivery platform.
When it was launched, Firefox Send allowed files of up to 1Gb to be shared for free without needing to login or create an account. In a statement Mozilla advises:
“Before relaunching, we will be adding an abuse reporting mechanism to augment the existing Feedback form, and we will require all users wishing to share content using Firefox Send to sign in with a Firefox Account.”
The Send service created a unique, short lived URL for each file that was shared – which made it all but impossible for security systems to curate a list of know bad URL. Since the source domain and IP addresses involved were from Mozilla they would be a challenge to block due to the many other Mozilla services used by organisations, not the least being the Firefox browser.
The fact that the generated sharing URL was from Mozilla (and so came from a well known and trusted domain name) made it more likely that the unwitting victims would click on the links and download the malware payload to their computer.
The challenge is not unique to Firefox Send – other filesharing platforms have been used to deliver malware because of the trusted nature of their domain names. Microsoft’s OneDrive and Azure file sharing services have been particularly prone to these problems. For an organisation that uses Office 365 the share link sent from an attacker can look very similar to a link from a colleague sharing a legitimate report file.
To defend against these types of attacks, security managers need a combination of technology (such as a next generation firewall) to scan and detect the payload on the way into the network and security awareness training to help staff make more informed decisions about what links to click on.