Dridex Spread via Compromised Microsoft OneDrive for Business Accounts - How-To, Technology and PC Security Forum | SensorsTechForum.com



Forcepoint researchers have uncovered a new wave of attacks involving Microsoft OneDrive for Business. Cybercriminals host malware on the service and use the resulting download links in emails that are then sent to users.

The researchers say that:

(...) cybercriminals have started to utilize compromised OneDrive for Business accounts for hosting malware since at least August of this year. One Drive for Business is a paid Microsoft service for businesses where employees can store and share files. Each registered employee has a personal URL called MySite where work-related files can be uploaded and shared, even to external parties. The following shows the format of a MySite URL:

  • https://{business domain name}-my.sharepoint.com/personal/{employee user name}_{business domain name}/

Employee MySite Accounts Compromised and Deployed to Upload Malware

The generated download links are added in mass-mailing campaigns. Here is an example of an email:


It's obvious that a Microsoft domain is leveraged because it looks trustworthy: users trust the links and proceed to download the files they point to.

Security researchers say that the malware distributed in this campaign belongs to families such as Dridex and Ursnif, two major banking Trojans. The payloads are distributed as executable files or as archives with a JavaScript downloader inside. Currently, users in Australia and the UK are being targeted, but other countries may be added.

Related: Same Cyber Gang Behind Dridex, Locky and CryptoWall

However, the researchers were unable to determine how the attackers managed to compromise the OneDrive for Business accounts. This new type of attack, followed by malware distribution, shows that not only home users but also businesses are at risk.

Such attacks could be extremely harmful to businesses, as malicious hackers can obtain access to private data stored in business accounts. Access to various business assets and contacts is also highly likely, researchers warn.

The conclusion?

Attacks on online cloud storage services are a very effective way for cyber criminals to spread malware. As this tactic is already being recognized as a recurring pattern, cyber criminals are definitely looking for new social engineering tricks to guarantee the success of their attempts.

The abuse of the Microsoft OneDrive for Business service may aid them here. Since it is a well-known business service, malicious download links hosted on such a platform add a layer of "trust" for prospective victims when downloading an unknown file.

Related: Virlock Ransomware Uses the Cloud to Infect More Users

As usual, users should not open suspicious emails from unknown senders, and they should have a strong anti-malware solution installed on their systems. Also, businesses should not underestimate the value of cyber security education; deploying such education is crucial in modern businesses.

Milena Dimitrova


An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
