Cybercriminals are abusing legitimate cloud services to make sure their malicious files make it to people’s inboxes, new research from Check Point have said.
Dubbingthe practice Business Email Compromise (BEC) 3.0, the researchers said email service providers had gotten a lot better at spotting and filtering malicious emails.
So in order to work around this, hackers have started using legitimate cloud services, especially those that offer free trial accounts. They would create a free account on a platform such as Dropbox, and use that service to send an email to their victim, carrying a malicious link. Given that the email would be coming from a trusted source and a known domain, email security services can do nothing but let the message reach the inbox.
Abusing filesharing services
In an example, Check Point said the attackers would create a malicious file and host it on Dropbox. They would then use the platform’s built-in sharing feature to email the link to the malicious file to their victims. As there’s nothing malicious about the email itself, the message would make it into the victim’s inbox.
If the victim opens the file, they would be prompted with a login form asking for their email address and password. In this, first step, the victims would already be giving their Dropbox credentials to the attackers. In the next step, the attackers would redirect the victim to a malicious URL, where they’d be asked for their OneDrive login credentials, as well.
“So the hackers, using a legitimate site, have created two potential breaches: They will get your credentials and then potentially induce you to click on a malicious URL,” the researchers explained. “That’s because the URL itself is legitimate. It’s the content on the website that’s problematic. You’ll see the hackers mocked up a page that looks like OneDrive. When clicking on the link, users are given a malicious download. “
As usual, the best way to protect against email-borne attacks is to use common sense and not click on unexpected and suspicious links and email attachments.