Microsoft has recently observed more attack campaigns that misuse file hosting services and increasingly rely on defense evasion tactics involving files with restricted access and view-only restrictions. The company issued a warning in its threat intelligence blog on Tuesday, explaining that these attacks are intended to compromise identities and devices and usually lead to further business email compromise (BEC) attacks. The widespread use of file hosting services such as SharePoint, OneDrive, and Dropbox makes them attractive targets for threat actors. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and move laterally across endpoints.
WaterISAC is aware of at least one utility that reported, in the Quarterly Incident Survey, an Attacker in the Middle (AiTM) attack, also known as a Man in the Middle (MITM) attack, that follows a similar pattern. The incident is included in the Q2 WaterISAC Quarterly Incident Report, which was published today.
Members are encouraged to review Microsoft’s blog post, which includes attack overview and recommended actions sections useful for identifying and defending against this threat. Members are also encouraged to regularly remind users about current threat campaigns that mimic legitimate services and what to watch out for when these messages land in their inboxes. For more information and additional analysis, visit The Hacker News.
WaterISAC Resources:
- Cyber Resilience – Don’t Get Hooked, Phishing Can Still Bypass MFA | August 2024
- EPA Office of Inspector General Issues BEC Fraud Alert | February 2024
- Security Awareness – Another Phishing Campaign Leveraging Dropbox | March 2024
- Security Awareness – A Must Read if your Utility Uses Email and Pays Invoices: BEC with a New Twist | August 2023
Additional Resource:
- Business Email Compromise: What It Is and How to Prevent It | National Cybersecurity Alliance