Microsoft Reports Surge in Legitimate File Hosting Service Usage in Business Email Compromise Attacks

The Tech Report


Since April 2024, Microsoft has observed a rise in the abuse of legitimate file hosting services such as OneDrive, Dropbox, and SharePoint in email attacks targeting businesses. This technique, referred to as living-off-trusted sites (LOTS), is a significant concern.

The current campaign relies primarily on files with restricted access, particularly view-only documents, to avoid detection. If a file were downloadable, the user might uncover the harmful URL concealed within it.

The story doesn’t conclude here. Once a victim’s account is compromised, the compromise opens the door to further malicious activity, including financial fraud, phishing scams, and business email compromise (BEC) attacks.

‘While these campaigns are somewhat generic and opportunistic, they utilize advanced methods to execute social engineering, avoid detection, and increase the reach of threat actors to other accounts and tenants.’ – Microsoft Threat Intelligence team

This report’s timing is notable, arriving less than a year after Sekoia disclosed a new adversary-in-the-middle (AitM) phishing kit called Mamba 2FA.

The kit is sold as phishing-as-a-service (PhaaS) and enables smaller threat actors to launch similar email phishing operations. Available for $250, it has been in active use since November of the previous year.

Microsoft appears to be making significant strides in enhancing the security of its products and services. The company has recently introduced a series of security updates, which address a total of 118 vulnerabilities.

Of the 118 identified vulnerabilities, 3 have been classified as critical, 2 as moderate, and the remaining 113 as important. Alarmingly, two of these vulnerabilities were found to be actively exploited:

While Microsoft has not disclosed specific details on the exploitation methods or the attackers involved, these vulnerabilities have caught the attention of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerabilities have been included in the Known Exploited Vulnerabilities (KEV) catalog, with a directive for federal agencies to address them by October 29, 2024.


Krishi is an enthusiastic Tech Journalist and content creator, specializing in both B2B and B2C writing. His primary goal is to simplify the software purchasing process for businesses while improving their online visibility and SEO strategies.


