Why are online storage services prime targets for phishing attacks?

Threat actors are finding ways to exploit cloud-based online storage services, using social engineering techniques to infiltrate organizations and install malware.

Online cloud storage services are also great for sharing files with friends. However, not all links to online hosting are safe, as more and more criminals are abusing popular cloud-based file sharing services to spread links to malicious software. Attackers use phishing techniques to trick victims into downloading malicious files.

A recent report by Unit 42 security researchers shows just how dangerous such links can be. According to their report, members of the Cloaked Ursa (APT29) hacker group used such links to attack the Portuguese and Brazilian embassies in May and June 2022. The attackers used a specially crafted PDF that purported to lead to scheduled appointments with the embassies. However, clicking on the link initiated a series of malicious actions, such as obtaining user data and downloading malware from Google Drive or Dropbox. The criminals also used the online storage to park stolen information. Cloaked Ursa likely works under the umbrella of the Russian intelligence service SVR and has attracted attention in the past, such as with the SolarWinds hack. However, less well-organized hacker groups also use such tricks to attack individuals.

Chris Morgan, lead cyber threat analyst at digital risk protection solutions provider Digital Shadows, said that trusted cloud storage platforms are extremely attractive to cyber threat actors and that living-off-the-land techniques are becoming increasingly popular. These are attacks that use native tools already present on the victim’s system, as their use masks malicious activity and helps avoid detection. “Cloud storage platforms are commonplace in corporate networks, and material shared via Dropbox or Google Drive is unlikely to raise undue suspicion. Abuse of cloud storage solutions is extremely common, including by state-sponsored and cybercriminal threat groups,” Morgan said.

Minimizing the risk of cloud storage services comes in large part from understanding what services are being used within the network and establishing processes for safe use. Doing so makes it possible to quantify the risk associated with their use, according to the expert. He recommends that administrators document which processes should be allowed and which should be denied, and establish what measures are in place to detect abuse. “Authentication controls, such as using a VPN to create secure, encrypted channels between the cloud and users, can also go a long way in minimizing the chances of cloud storage services being misused by threat actors,” he added.

According to Andrew Hay, COO of information security consulting firm LARES Consulting, the two biggest drivers of cloud storage adoption are cost and the general availability of online storage services. “Registering a new Google account and sharing files costs absolutely nothing. Also, many organizations simply allow access to cloud hosting providers so as not to disrupt employees’ work,” he said. For better protection, organizations should define an approved list of cloud hosting providers and deny access to anything not on the approved list. According to Hay, it would also be a good idea to provide an enterprise file sharing and storage platform and make it an approved, standard means of sharing files. The threat of attacks via online storage services “ebbs and flows” like many other threat vectors. “We often see threat actors moving from tools that don’t work to something that worked before – and maybe will work again,” Hay said.

According to John Bambenek, senior threat hunter at security and operations analytics SaaS company Netenrich, online storage services are an attractive vector for cybercriminals because anything trusted and in use in a victim’s organization can be used. “Criminals live and die by click-through rate. US organizations would not recognize or consider QQ as normal. However, if the user is using Google Drive, they are much more susceptible to attacks involving or referencing it,” he said. Behavioral analytics, which detect some of this activity, are key to detecting account takeovers, and strong anti-phishing protections for email services also help, rather than relying on Office 365, for example, he said. Finally, according to Bambenek, users should be trained to be vigilant so that they can spot such attempts and report them to the security operations center.

“These attacks are increasing as the reliability of services increases. This becomes more profitable because many aspects of cyber security, such as network security or IDS, are not available to protect cloud resources. Taking over corporate accounts means much more now that everyone is logging in remotely and accessing your cloud resources,” he notes. Bambenek predicts that attacks will continue to evolve as organizational IT stacks evolve, pointing out that 10 years ago, organizations might have blocked cloud storage as a data loss vector, but today they are a trusted resource. “Basically everything is open and visible to attackers who literally attend the same trade shows as us to see how the IT space is changing,” he said.
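
Hay's approved-list recommendation can be checked against web proxy logs. The sketch below is an added example, not code from the article or from anyone quoted in it: it flags requests to tracked file-sharing services that are not on the approved list, matching hostnames on label boundaries so that look-alike hosts are not mistaken for the real service. The log format, the domain catalogue, and the approved host `files.corp.example` are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumption: file-sharing domains the organization has chosen to track.
FILE_SHARING = {
    "drive.google.com": "Google Drive",
    "dropbox.com": "Dropbox",
    "dropboxusercontent.com": "Dropbox",
}
# Assumption: the only approved service is a hypothetical enterprise platform.
APPROVED = {"files.corp.example"}

# Constructed proxy log lines: timestamp, user, method, URL.
SAMPLE_LOG = """\
2022-06-01T09:12:03Z alice GET https://files.corp.example/s/q3-report
2022-06-01T09:14:47Z bob GET https://www.dropbox.com/s/abc123/agenda.pdf?dl=1
2022-06-01T09:15:10Z bob GET https://drive.google.com/uc?id=EXAMPLE&export=download
2022-06-01T09:16:22Z carol GET https://dropbox.com.login.example/s/agenda.pdf
2022-06-01T09:17:05Z carol GET https://notdropbox.com/file
2022-06-01T09:18:40Z dave GET https://DL.DropboxUserContent.com./u/1/x.iso
"""

def match_domain(host, domains):
    """Return the entry of `domains` that `host` equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole-label suffixes only, so "notdropbox.com" and
    # "dropbox.com.login.example" never match "dropbox.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def classify(url):
    """Return (verdict, service or host) for one requested URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if match_domain(host, APPROVED):
        return "approved", host
    hit = match_domain(host, FILE_SHARING)
    if hit:
        return "unapproved-file-sharing", FILE_SHARING[hit]
    return "other", host

def review(log_text):
    """Count unapproved file-sharing requests per (user, service)."""
    findings = Counter()
    for line in log_text.splitlines():
        _ts, user, _method, url = line.split(maxsplit=3)
        verdict, service = classify(url)
        if verdict == "unapproved-file-sharing":
            findings[(user, service)] += 1
    return findings
```

Hosts classified as "other" are not file-sharing services in the catalogue; whether a look-alike such as the constructed `dropbox.com.login.example` is blocked is a separate decision for the proxy's general policy.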
