Microsoft is warning of a new phishing campaign that abuses different privacy settings in cloud-based file hosting services to bypass security solutions and steal login credentials, deploy malware, and more.
In a blog post, the company outlined how crooks have been seen abusing SharePoint, OneDrive, and Dropbox services in their attacks.
First, the attackers would compromise a person’s cloud hosting account – they can either purchase an account on the black market, or obtain the login credentials elsewhere. Then, they would use these credentials to upload a document to one of these services. The document is usually a fake Microsoft 365 login page, which serves not only to steal people’s credentials, but also to grab MFA codes and one-time passwords, too. Alternatively, the file can contain a link to a malicious site, where victims would share their login credentials, download malware to their devices, or similar.
Abusing privacy settings
Here is where it gets interesting – cloud-based file hosting services have security solutions that scan for malicious links and files. However, depending on the document’s privacy settings, security solutions may not be allowed to scan it.
“To bypass analysis by email detonation systems, the files shared in these phishing attacks are set to ‘view-only’ mode, disabling the ability to download and consequently, the detection of embedded URLs within the file,” Microsoft explained.
Alternatively, the hackers would restrict access to the document only to designated recipients, to the same result.
To make matters worse – the threat actors are not distributing these files in the traditional phishing way. Instead, when they grant access to the document only to specific accounts, the cloud service sends an email notification to those accounts. Consequently, the victims get an email from a reputable source, further boosting the perceived legitimacy of the email.
The best way to defend against such attacks is to use common sense and be extra careful when receiving email messages, regardless of who they’re coming from.
Via The Hacker News
More from TechRadar Pro
Microsoft 365 accounts targeted by dangerous new phishing scamHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now
This articles is written by : Fady Askharoun Samy Askharoun
All Rights Reserved to Amznusa www.amznusa.com
Why Amznusa?
AMZNUSA is a dynamic website that focuses on three primary categories: Technology, e-commerce and cryptocurrency news. It provides users with the latest updates and insights into online retail trends and the rapidly evolving world of digital currencies, helping visitors stay informed about both markets.