On October 9th, TapTechNews reported that Microsoft has warned of a new phishing campaign abusing legitimate cloud file hosting services. Services such as SharePoint, OneDrive, and Dropbox are widely used by organizations to store, share, and collaboratively edit files; this campaign abuses the privacy (sharing) settings of those services to bypass security solutions, steal login credentials, deploy malware, and more.
According to Microsoft, the attackers first take over a victim's cloud storage account, for example by purchasing a stolen account on the black market or obtaining its login credentials from elsewhere (TapTechNews reminds readers to protect their session cookies and login credentials, and to change their password promptly if anything abnormal is noticed).
They then use the compromised account to upload a file to the service. The file is usually a fake Microsoft 365 login page designed to capture not only passwords but also MFA codes and one-time passwords; alternatively, it contains a link to a malicious website where the victim is tricked into entering login credentials such as passwords or into downloading malware onto their device.
Microsoft noted that these cloud file hosting services can scan uploaded files and links for malicious content, but depending on the privacy settings applied to a document, the cloud security solution may be unable to scan such malicious documents at all.
Microsoft explained: to bypass analysis by email security systems, the attackers set the files shared in these phishing attacks to 'read-only' mode and disable downloading, which prevents the security system from detecting the URL embedded in the file. Alternatively, the attacker restricts direct access to designated recipients only, achieving the same result.
Files sent in the phishing emails are configured so that only the specified recipients can access them. The recipient must therefore sign in to the file sharing service, whether Dropbox, OneDrive, or SharePoint, or re-authenticate by entering their email address and a one-time passcode (OTP) delivered through the service's notification system.
Worse still, the attacker does not distribute these files through a conventional phishing email. When access is granted to a specific account, the cloud service itself sends an email notification to that account's owner, so the victim receives only a genuine notification from the service, which makes the lure look even more legitimate.
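The three sharing configurations described above all have the same effect on an email scanner: the crawler that follows the link never sees the document's contents. The following is an added example, not code from Microsoft or TapTechNews, modelling what such a crawler gets back in each case and why a scanner must treat "could not read it" differently from "found nothing". The `FetchResult` fields, the blocklist host, the sample fetch results and the quarantine policy are all constructed for this illustration and do not describe any vendor's product.

```python
"""Fail-closed handling of shared-file links that an email scanner cannot read.

Added example, not code from Microsoft or TapTechNews. It models the three
outcomes a URL crawler gets back when it follows a cloud-share link from a
phishing email: it can read the file, it gets a view-only rendering with
download disabled, or it is stopped by a sign-in challenge because access is
limited to designated recipients. The FetchResult fields, the blocklist host
and the sample results are all constructed for the demonstration.
"""
from dataclasses import dataclass
import re
from typing import Optional

# Constructed blocklist; a real scanner would consult threat intelligence.
BLOCKED_HOSTS = {"login.example-phish.invalid"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s\"'<>]*")


@dataclass
class FetchResult:
    """What the crawler got back when it fetched the shared link (constructed model)."""
    url: str
    status: int                        # HTTP status of the final response
    redirected_to_login: bool = False  # bounced to the service's sign-in page
    raw_file: Optional[str] = None     # file contents as text, or None if download was blocked
    rendered_html: str = ""            # the service's viewer page, if any


def scan_content(text: str) -> str:
    """Classify text whose URLs the scanner can actually see."""
    for host in URL_RE.findall(text):
        if host.lower() in BLOCKED_HOSTS:
            return "malicious"
    return "clean"


def inspect_shared_link(result: FetchResult) -> str:
    """Return 'clean', 'malicious' or 'unverified'.

    'unverified' means the crawler never saw the document's contents, so a
    'clean' verdict would be a guess. The campaign in the article relies on
    scanners turning that guess into 'clean'.
    """
    # Access limited to designated recipients: the crawler is not the victim
    # and is stopped at the sign-in step, so nothing was inspected.
    if result.status in (401, 403) or result.redirected_to_login:
        return "unverified"
    # Download disabled: the viewer page renders, but the raw file holding the
    # phishing URL is never returned, so there is nothing to extract from.
    if result.raw_file is None:
        return "unverified"
    return scan_content(result.raw_file)


def policy(verdict: str, sharer_is_external: bool) -> str:
    """Fail closed: an unreadable share from outside the organization is held."""
    if verdict == "malicious":
        return "block"
    if verdict == "unverified":
        return "quarantine" if sharer_is_external else "deliver_with_warning"
    return "deliver"


# Constructed sample fetch results for the three cases described in the article.
SAMPLES = {
    "downloadable": FetchResult(
        url="https://contoso-my.sharepoint.example/personal/u/Invoice.pdf",
        status=200,
        raw_file="Your invoice is ready. Review it at https://login.example-phish.invalid/o365",
    ),
    "view_only": FetchResult(
        url="https://contoso-my.sharepoint.example/personal/u/Invoice.pdf",
        status=200,
        raw_file=None,
        rendered_html="<html><body>Viewer: download disabled</body></html>",
    ),
    "restricted": FetchResult(
        url="https://www.dropbox.example/s/abc/Invoice.pdf",
        status=302,
        redirected_to_login=True,
    ),
}


def run_samples(sharer_is_external: bool = True) -> dict:
    """Verdict and resulting action for each constructed sample."""
    out = {}
    for name, result in SAMPLES.items():
        verdict = inspect_shared_link(result)
        out[name] = (verdict, policy(verdict, sharer_is_external))
    return out


if __name__ == "__main__":
    for name, (verdict, action) in run_samples().items():
        print(f"{name:12s} verdict={verdict:10s} action={action}")
```

The point of the `unverified` verdict is that only the first sample ever exposes the phishing URL to the scanner; the view-only and recipient-restricted shares look identical to a harmless document unless the scanner records that it could not read them. Whether an unreadable share should be quarantined or merely flagged is a policy decision for the organization; the example holds external shares and warns on internal ones.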
Related Reading:
Be Alert When Receiving Unknown-origin Emails, Security Company Warns of Hackers Setting up Fake Microsoft OneDrive Websites for Phishing Attacks