New way found to make malware links look legitimate

Nov 25, 2016 06:53 GMT

Cybercriminals are always seeking new ways to convince their victims to load websites or download malicious files, and this time they have turned to Microsoft services to make links look legitimate.

Security company Forcepoint has discovered a new wave of attacks involving Microsoft’s OneDrive for Business, with cybercriminals hosting malware on Redmond’s service and then attaching links to emails sent to victims.

Since it’s a Microsoft domain, attackers expect victims to trust the links and download the attached files, which would eventually infect their systems.

According to security researchers, most attachments hosted on OneDrive for Business are infected with malware families such as Dridex and Ursnif. Attachments are usually delivered as executable files or archives that include a JavaScript downloader. The attacks are mostly aimed at users in Australia and the United Kingdom for the time being.

Compromised OneDrive accounts

Forcepoint explains that it’s unclear for the moment how attackers managed to compromise the OneDrive for Business accounts. Beyond the spread of malware, this new series of hacks shows that the exposure is not limited to the users targeted by the malicious emails: the businesses whose accounts were compromised are exposed as well.

Depending on the information and data that businesses store in their OneDrive accounts, cybercriminals could get access to sensitive details, so it’s essential for businesses to take action and secure their accounts.

“While it is unknown how OneDrive for Business accounts are being compromised, it entails additional risk not only for the compromised user but also for the affected business as it means that the attackers may also have access to other business assets and contacts,” the company explains.

It goes without saying that users who receive emails from untrusted sources should be extra cautious, especially if they are encouraged to download files or attachments that appear to be compromised. An antivirus solution can also help, since these are known forms of malware, but staying away from such files is usually the most effective way to prevent an infection.