Story image

Cyber crims targeting Aussie companies with Microsoft OneDrive accounts

28 Nov 16

Cyber-criminals are using compromised Microsoft 365 ‘OneDrive for Business’ accounts to spread malware throughout Australian companies.

That’s according to global research conducted by Forcepoint - a cyber-security firm powered.

Forcepoint research found cybercriminals predominately targeted Australia using this method with 55% of emails sent to recipients in Australia.

With the use of cloud storage growing exponentially, Forcepoint advises that businesses need to be more aware of the associated risk and how they can protect themselves.

One Drive for Business is a paid Microsoft service for businesses where employees can store and share files. Each registered employee has a personal URL called "MySite" where work-related files can be uploaded and shared, even to external parties.

According to Forcepoint, these employee MySite accounts are being compromised and used to upload malware.

Based on Forcepoin’s research , the top 7 email subjects containing malicious OneDrive for Business links for the past 90 days include:

  • Please Docusign these documents 
  • Request for ASIC correspondence reprint
  • Thomas shared “Agreement AHAlife 11-2016” with you
  • Melissa shared “Scan001.zip” with you
  • New playslip available for pay period ending 8/11/2016

Since it is a known service for businesses, malicious download links hosted by such platform adds a layer of "trust" to prospective victims when downloading an unknown file.

Businesses that utilise third-party business solutions such as OneDrive for Business are advised to put additional focus on the security of the related user accounts to prevent such risks.

Forcepoint also points out that users should be vigilant when downloading files from OneDrive for Business (Sharepoint) links coming from an unsolicited email.

Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.
The future of privacy: What comes after VPNs?
"75% of VPN users said they are seeking a better solution for cloud networks."