Microsoft warns top file hosting services hijacked for email scams
OneDrive, Dropbox, SharePoint and others abused in phishing attacks
· TechRadarNews By Sead Fadilpašić published 9 October 2024
Microsoft is warning of a new phishing campaign that abuses different privacy settings in cloud-based file hosting services to bypass security solutions and steal login credentials, deploy malware, and more.
In a blog post, the company outlined how crooks have been seen abusing SharePoint, OneDrive, and Dropbox services in their attacks.
First, the attackers would compromise a person’s cloud hosting account - they can either purchase an account on the black market, or obtain the login credentials elsewhere. Then, they would use these credentials to upload a document to one of these services. The document is usually a fake Microsoft 365 login page, which serves not only to steal people’s credentials, but also to grab MFA codes and one-time passwords, too. Alternatively, the file can contain a link to a malicious site, where victims would share their login credentials, download malware to their devices, or similar.
Abusing privacy settings
Here is where it gets interesting - cloud-based file hosting services have security solutions that scan for malicious links and files. However, depending on the document’s privacy settings, security solutions may not be allowed to scan it.
“To bypass analysis by email detonation systems, the files shared in these phishing attacks are set to ‘view-only’ mode, disabling the ability to download and consequently, the detection of embedded URLs within the file,” Microsoft explained.
Alternatively, the hackers would restrict access to the document only to designated recipients, to the same result.
To make matters worse - the threat actors are not distributing these files in the traditional phishing way. Instead, when they grant access to the document only to specific accounts, the cloud service sends an email notification to those accounts. Consequently, the victims get an email from a reputable source, further boosting the perceived legitimacy of the email.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors