Subj : Microsoft warns top file hosting services hijacked for email scam
To   : All
From : TechnologyDaily
Date : Wed Oct 09 2024 16:15:05

Microsoft warns top file hosting services hijacked for email scams

Date: Wed, 09 Oct 2024 15:13:00 +0000

Description: OneDrive, Dropbox, SharePoint, and others are being abused in phishing attacks that steal passwords and deploy malware.

FULL STORY
======================================================================

Microsoft is warning of a new phishing campaign that abuses different privacy settings in cloud-based file hosting services to bypass security solutions and steal login credentials, deploy malware, and more.

In a blog post, the company outlined how crooks have been seen abusing SharePoint, OneDrive, and Dropbox services in their attacks. First, the attackers would compromise a person's cloud hosting account - they can either purchase an account on the black market, or obtain the login credentials elsewhere. Then, they would use these credentials to upload a document to one of these services.

The document is usually a fake Microsoft 365 login page, which serves not only to steal people's credentials, but also to grab MFA codes and one-time passwords. Alternatively, the file can contain a link to a malicious site, where victims would share their login credentials, download malware to their devices, or similar.

Abusing privacy settings

Here is where it gets interesting - cloud-based file hosting services have security solutions that scan for malicious links and files. However, depending on the document's privacy settings, security solutions may not be allowed to scan it.

"To bypass analysis by email detonation systems, the files shared in these phishing attacks are set to view-only mode, disabling the ability to download and consequently, the detection of embedded URLs within the file," Microsoft explained.
Alternatively, the hackers would restrict access to the document only to designated recipients, to the same result.

To make matters worse - the threat actors are not distributing these files in the traditional phishing way. Instead, when they grant access to the document only to specific accounts, the cloud service sends an email notification to those accounts. Consequently, the victims get an email from a reputable source, further boosting the perceived legitimacy of the email.

The best way to defend against such attacks is to use common sense and be extra careful when receiving email messages, regardless of who they're coming from.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-warns-top-file-hosting-services-hijacked-for-email-scams

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)