How Are Cybercriminals Exploiting Trusted File Hosting Services?

October 8, 2024

Cybercriminals are increasingly turning to trusted file hosting services such as SharePoint, OneDrive, and Dropbox to launch sophisticated attacks. This trend leverages the trust users have in these platforms to bypass security measures and execute malicious activities. Understanding this evolving threat is crucial for individuals and organizations alike to bolster their cybersecurity defenses.

The Rise of LOTS and LIS Attacks

Weaponization of Trusted Services

Cyber adversaries exploit the inherent trust in platforms like SharePoint, OneDrive, and Dropbox to carry out their attacks. These services are widely used and trusted by millions of users, making them ideal vehicles for malicious activities. By embedding malicious content within these platforms, attackers can bypass traditional security mechanisms and execute their attacks more effectively. This exploitation is referred to as “living-off-trusted-sites” (LOTS) or the weaponization of legitimate internet services (LIS).

The widespread trust placed in these platforms makes it difficult for conventional security systems to identify the malicious activity. Organizations often have these platforms whitelisted, assuming the content is safe, which eliminates a critical layer of scrutiny. Consequently, cybercriminals can leverage this inherent trust to perform business email compromise (BEC) attacks, often slipping under the radar of existing security measures. The growing frequency of such attacks highlights the necessity of re-evaluating the trust model within cybersecurity frameworks.

Sophisticated Phishing Campaigns

One of the key methods employed by cybercriminals is the use of sophisticated phishing campaigns. Beginning in mid-April 2024, there was a notable increase in phishing attempts that used links to “view-only” files on these trusted platforms. Recipients are required to verify their identity before accessing the content, a tactic that adds an air of legitimacy to the phishing attempt. By mimicking the workflow of legitimate document-sharing processes, attackers effectively deceive their victims into unwittingly disclosing sensitive information.

These phishing campaigns are meticulously crafted to avoid detection, often using several techniques to appear legitimate and bypass spam filters. Attackers employ social engineering tactics to create a sense of urgency or legitimacy, making the recipient more likely to follow through with the identity verification process. The sophistication of these campaigns underscores the cybercriminals’ deep understanding of user behavior and trust relationships within organizational structures, enabling them to craft increasingly effective attacks.
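As a defensive illustration of the point above, the following added example (not from the original article) scores inbound messages that link to a file hosting service instead of exempting them because the host is trusted. The host suffix list, the sender-history set, the weights and the sample messages are all assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Host suffixes assumed for the services the article names; extend for your tenant.
FILE_HOSTS = ("sharepoint.com", "1drv.ms", "onedrive.live.com", "dropbox.com")
URGENCY = re.compile(r"\b(urgent|immediately|action required|expires?|overdue)\b", re.I)
URL = re.compile(r"https?://[^\s<>]+")


def file_host_links(body):
    """Links whose host is, or is a subdomain of, a listed file hosting service."""
    hosts = [(u, (urlsplit(u).hostname or "").lower()) for u in URL.findall(body)]
    return [u for u, h in hosts if any(h == s or h.endswith("." + s) for s in FILE_HOSTS)]


def score_message(msg, known_pairs):
    """Score a message instead of exempting it because the link host is trusted."""
    if not file_host_links(msg["body"]):
        return 0, []
    score, reasons = 1, ["file-host link"]
    if (msg["from"], msg["to"]) not in known_pairs:  # assumed sharing-history set
        score += 2
        reasons.append("no prior sharing from sender")
    if URGENCY.search(msg["subject"] + " " + msg["body"]):
        score += 1
        reasons.append("urgency wording")
    return score, reasons


def triage(messages, known_pairs, threshold=3):
    """Return (sender, score, reasons) for messages at or above threshold."""
    scored = [(m["from"], *score_message(m, known_pairs)) for m in messages]
    return [row for row in scored if row[1] >= threshold]


# Constructed sample data, not taken from any real incident.
KNOWN = {("alice@partner.example", "bob@corp.example")}
MESSAGES = [
    {"from": "alice@partner.example", "to": "bob@corp.example",
     "subject": "Q3 notes", "body": "Here: https://www.dropbox.com/s/constructed/notes.pdf"},
    {"from": "billing@vendor.example", "to": "bob@corp.example",
     "subject": "Action required: verify your identity to view invoice",
     "body": "View-only file: https://tenant.sharepoint.com/:b:/g/constructed"},
    {"from": "carol@corp.example", "to": "bob@corp.example",
     "subject": "Lunch", "body": "See https://sharepoint.com.lookalike.example/menu"},
]

if __name__ == "__main__":
    print(triage(MESSAGES, KNOWN))
```

Only the second message reaches the threshold; the third is not scored here because its host merely contains a hosting name and is not a file hosting domain, which is a separate look-alike check.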

The Mechanics of Identity Verification Exploits

Leveraging One-Time Passwords

To deceive victims, attackers often request verification through one-time passwords (OTPs). Upon clicking the malicious link, recipients are prompted to enter their email address and an OTP sent via email notification. This step exploits the victim’s trust in the security procedures of legitimate services. Cybercriminals bank on the assumption that users are accustomed to such verification methods, making them less likely to question the legitimacy of the request.

The OTPs add a layer of perceived security to the malicious request, making it seem more legitimate to the unsuspecting user. Once the user enters their email and OTP, they believe their credentials are being verified by the trusted platform, when in fact they are being collected by cybercriminals. This method of leveraging widely accepted security practices to harvest sensitive information demonstrates the attackers’ ability to manipulate trust-based security protocols to their advantage.

Cybercriminals are increasingly exploiting trusted file hosting services like SharePoint, OneDrive, and Dropbox to carry out sophisticated attacks. These platforms, trusted by millions for their security and reliability, are now being manipulated to bypass various cybersecurity measures. Attackers take advantage of the implicit trust users and networks have in these mainstream services, making it more challenging to detect and prevent malicious activities. Consequently, understanding this shifting threat landscape is crucial for both individuals and organizations. It’s no longer enough to rely solely on the inherent security features of these platforms; proactive measures must be taken. Enhancing cybersecurity protocols, conducting regular security audits, educating users about potential risks, and fostering a culture of vigilance are essential steps in defending against these evolving threats. With cybercriminals continually seeking new ways to exploit trusted services, staying informed and prepared is more important than ever to safeguard sensitive data and maintain both personal and organizational security.
