Legitimate services like OneDrive and Dropbox are abused for fraudulent emails. Hackers use free spaces and send harmless sharing links with dangerous targets.
Avanan security researchers warn of a disturbing new attack vector that exploits legitimate services and poses a significant threat to email security. The new method is to be seen against the background of the alarming fact that in 2022 email-based threats accounted for 86 percent of all attacks.
Legal accounts for BCE attacks too
Hackers have developed a sophisticated approach to use legitimate programs like Dropbox and OneDrive for their scams. By setting up free Dropbox accounts, they can launch phishing attempts and embed malicious malware in seemingly harmless file-sharing links, rather than having to deal with bogus sites or programs.
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
Check Point's Harmony Email researchers conducted a comprehensive analysis of this new attack vector and identified the threats and implications for individuals and organizations. In their attack vector sketch, they provide valuable insight and guidance for security professionals on how to mitigate the threats posed by this new variant of Business Email Compromise (BEC).
Security Recommendations
- Implement security measures that thoroughly inspect all URLs and emulate the underlying web pages to detect and prevent fraudulent content.
- Educate users about this evolving form of BEC and raise awareness of the risks of accessing file-sharing links from untrustworthy sources.
- Deploy AI-based anti-phishing software that can effectively block and neutralize phishing attempts across the productivity suite for comprehensive protection against email-based threats.
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.