Cyber crims targeting Aussie companies with Microsoft OneDrive accounts
Cyber-criminals are using compromised Microsoft 365 ‘OneDrive for Business’ accounts to spread malware throughout Australian companies.
That’s according to global research conducted by Forcepoint - a cyber-security firm powered.
Forcepoint research found cybercriminals predominately targeted Australia using this method with 55% of emails sent to recipients in Australia.
With the use of cloud storage growing exponentially, Forcepoint advises that businesses need to be more aware of the associated risk and how they can protect themselves.
One Drive for Business is a paid Microsoft service for businesses where employees can store and share files. Each registered employee has a personal URL called "MySite" where work-related files can be uploaded and shared, even to external parties.
According to Forcepoint, these employee MySite accounts are being compromised and used to upload malware.
Based on Forcepoin’s research , the top 7 email subjects containing malicious OneDrive for Business links for the past 90 days include:
- Please Docusign these documents
- Request for ASIC correspondence reprint
- Thomas shared “Agreement AHAlife 11-2016” with you
- Melissa shared “Scan001.zip” with you
- New playslip available for pay period ending 8/11/2016
Since it is a known service for businesses, malicious download links hosted by such platform adds a layer of "trust" to prospective victims when downloading an unknown file.
Businesses that utilise third-party business solutions such as OneDrive for Business are advised to put additional focus on the security of the related user accounts to prevent such risks.
Forcepoint also points out that users should be vigilant when downloading files from OneDrive for Business (Sharepoint) links coming from an unsolicited email.