Microsoft's OneDrive and SharePoint, Dropbox, and other legitimate file hosting services have been increasingly leveraged by malicious actors to facilitate business email compromise attacks since mid-April, SC Media reports.
Intrusions involved the delivery of files with either restricted access or "view-only" limitations that seek re-authentication to be opened, only to be redirected to a malicious web page that exfiltrates targets' credentials, which would then be used for further BEC attacks, according to an analysis from the Microsoft Threat Intelligence team.
SlashNext Email Security and Oasis Security both observed that advanced phishing intrusions escalated in recent months.
"Security teams need to adopt a more comprehensive identity security approach that includes monitoring service accounts and other automated connections, as they are increasingly at the center of attacks aiming for financial fraud, data exfiltration, and lateral movement," said Oasis Security Vice President of Product Ido Geffen.