Microsoft Warns of Rising Cyber Attacks Using Trusted File Hosting Services
The Hacker News
|
Contributed by: Drex DeFord
Summary
Microsoft has raised concerns about the growing use of legitimate file hosting services like SharePoint, OneDrive, and Dropbox in cyber attack strategies, particularly in business email compromise (BEC) schemes. This technique, referred to as living-off-trusted-sites (LOTS), enables threat actors to mask malicious activities within trusted network traffic, complicating efforts to detect and trace these attacks. Recent observations indicate an uptick in phishing campaigns leveraging restricted access files shared through these platforms, often initiated by compromising trusted vendor users. Targeted individuals receive phishing emails with links requiring one-time password authentication, leading them to pages aimed at stealing credentials and two-factor authentication tokens.
