Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

October 9, 2024 at 01:03AM

Microsoft warns of cyber attack campaigns exploiting file hosting services like SharePoint and OneDrive. These attacks aim to compromise identities and conduct business email compromise (BEC) fraud. Phishing tactics include using view-only files requiring OTP authentication, leading to credential theft through adversary-in-the-middle (AitM) phishing pages.

### Meeting Takeaways – Oct 09, 2024

**Topic: Cybersecurity Threats Related to Legitimate File Hosting Services**

1. **Emerging Threats**: Microsoft has identified ongoing cyberattack campaigns exploiting legitimate file hosting services (like SharePoint, OneDrive, and Dropbox) as a method of evading traditional defenses.

2. **Primary Objectives**:
– Compromise identities and devices.
– Execute Business Email Compromise (BEC) attacks.
– Facilitate financial fraud and data exfiltration.

3. **Methodology**:
– The attacks are termed “living-off-trusted-sites” (LOTS).
– They leverage the trust associated with well-known services to deliver malware and bypass security guardrails.

4. **Phishing Tactics**:
– Recent phishing campaigns involve files with restricted access and “view-only” settings.
– Attacks often begin by compromising a user at a trusted vendor, whose account is then used to stage malicious files.

5. **Accessibility and User Interaction**:
– Files sent via phishing are only accessible to specific recipients, requiring them to log into the file service and authenticate via a one-time password (OTP).
– Attempting to access these files leads to a phishing page designed to capture passwords and two-factor authentication (2FA) tokens.

6. **Impact of Attacks**: Successful access gives threat actors control of the account, which they then use for further scams, including financial fraud.

7. **Sophistication of Attacks**:
– These campaigns utilize advanced social engineering techniques to avoid detection and expand to other accounts.

8. **Tools and Offerings**: An AitM phishing kit named Mamba 2FA is available as a subscription service to other malicious actors. It supports multiple authentication methods and streamlines credential theft.

9. **Recommended Actions:**
– Organizations should enhance their security measures by educating employees about these threats and developing strategies to counteract the exploitation of legitimate services.
– Continued vigilance and updates to defenses against evolving phishing techniques are crucial.
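
One way to turn the traits in items 4 and 5 into a hunt, as an added example (not from Microsoft's report or the original article): it correlates inbound shares that are external, view-only and recipient-restricted with a later MFA-satisfied sign-in from an IP address the recipient had not used before. The record fields, the internal domain, the two-hour window and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)          # assumed correlation window
INTERNAL_DOMAINS = {"corp.example"}  # assumed own-tenant domain

# Constructed sample records; the field names are hypothetical, not a real log schema.
SHARES = [
    {"time": "2024-10-08T09:00:00", "recipient": "ana@corp.example",
     "sender_domain": "vendor.example", "view_only": True, "recipient_restricted": True},
    {"time": "2024-10-08T09:05:00", "recipient": "bo@corp.example",
     "sender_domain": "corp.example", "view_only": True, "recipient_restricted": True},
    {"time": "2024-10-08T10:00:00", "recipient": "cy@corp.example",
     "sender_domain": "partner.example", "view_only": True, "recipient_restricted": True},
]
SIGNINS = [
    {"time": "2024-10-08T08:30:00", "user": "ana@corp.example", "ip": "198.51.100.10", "mfa": True},
    {"time": "2024-10-08T09:20:00", "user": "ana@corp.example", "ip": "203.0.113.77", "mfa": True},
    {"time": "2024-10-08T09:30:00", "user": "bo@corp.example", "ip": "203.0.113.99", "mfa": True},
    {"time": "2024-10-07T15:00:00", "user": "cy@corp.example", "ip": "198.51.100.30", "mfa": True},
    {"time": "2024-10-08T10:10:00", "user": "cy@corp.example", "ip": "198.51.100.30", "mfa": True},
]

def ts(value):
    return datetime.fromisoformat(value)

def is_lure_shaped(share):
    """External sender plus the view-only, recipient-restricted settings."""
    return (share["sender_domain"] not in INTERNAL_DOMAINS
            and share["view_only"] and share["recipient_restricted"])

def hunt(shares, signins):
    """Return (user, sender_domain, ip) for each new-IP sign-in that follows a lure-shaped share."""
    findings = []
    for share in filter(is_lure_shaped, shares):
        user, shared_at = share["recipient"], ts(share["time"])
        mine = [s for s in signins if s["user"] == user]
        # IPs the recipient used before the share; a user with no history has none.
        known = {s["ip"] for s in mine if ts(s["time"]) < shared_at}
        for s in mine:
            in_window = shared_at <= ts(s["time"]) <= shared_at + WINDOW
            if in_window and s["mfa"] and s["ip"] not in known:
                findings.append((user, share["sender_domain"], s["ip"]))
    return findings

if __name__ == "__main__":
    for finding in hunt(SHARES, SIGNINS):
        print(finding)
```

A hit is a lead for review of the session and any follow-on mailbox activity, not proof of compromise; legitimate travel or VPN changes produce the same pattern.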

### Follow-Up
For further insights and updates on cybersecurity threats, consider following Microsoft and related cybersecurity organizations on platforms like Twitter and LinkedIn.
