How did OneDrive and Dropbox become top phishing tools?
Microsoft warns of a rise in attacks using file storage services such as SharePoint, OneDrive and Dropbox to circumvent defenses. In these cyberattacks, attackers compromise business email (BECs), resulting in financial theft, data theft, and the spread of malware to other devices.
Criminals use legitimate internet services to masquerade as legitimate traffic and avoid traditional defenses. This approach is known as "Living-off-Trusted-Sites" (LoTS), where attackers bypass email security filters and deliver malware through files hosted on popular platforms.
Microsoft notes that since April 2024, phishing campaigns that use restricted files have become especially intense. These attacks begin by compromising users of trusted vendors, after which malicious documents are placed on file storage services for further transmission to targeted victims.
Recipients of such files are forced to authenticate through one-time passwords (OTP), which increases trust in the process. Upon successful authentication, victims are redirected to fake pages where their login details, including two-factor authentication tokens, are stolen.
This data allows attackers not only to seize control of the account, but also to continue attacks, spreading them to other systems and committing financial fraud. As the Microsoft Threat Intelligence team notes, such attacks rely on sophisticated social engineering techniques to bypass security systems.
Modern cyberattacks are increasingly using trust in popular services, turning them into tools for bypassing protection. Companies should be prepared for the fact that familiar and reliable platforms can become a source of threat if additional security measures are not taken.
Source
Microsoft warns of a rise in attacks using file storage services such as SharePoint, OneDrive and Dropbox to circumvent defenses. In these cyberattacks, attackers compromise business email (BECs), resulting in financial theft, data theft, and the spread of malware to other devices.
Criminals use legitimate internet services to masquerade as legitimate traffic and avoid traditional defenses. This approach is known as "Living-off-Trusted-Sites" (LoTS), where attackers bypass email security filters and deliver malware through files hosted on popular platforms.
Microsoft notes that since April 2024, phishing campaigns that use restricted files have become especially intense. These attacks begin by compromising users of trusted vendors, after which malicious documents are placed on file storage services for further transmission to targeted victims.
Recipients of such files are forced to authenticate through one-time passwords (OTP), which increases trust in the process. Upon successful authentication, victims are redirected to fake pages where their login details, including two-factor authentication tokens, are stolen.
This data allows attackers not only to seize control of the account, but also to continue attacks, spreading them to other systems and committing financial fraud. As the Microsoft Threat Intelligence team notes, such attacks rely on sophisticated social engineering techniques to bypass security systems.
Modern cyberattacks are increasingly using trust in popular services, turning them into tools for bypassing protection. Companies should be prepared for the fact that familiar and reliable platforms can become a source of threat if additional security measures are not taken.
Source
