Threat Actors Exploit Dropbox Messages in BEC 3.0 Attack Campaign
Rapid Evolution of BEC Attacks
The cybersecurity firm Check Point Harmony has recently observed a fast-growing business email compromise (BEC) campaign that exploits messages sent from Dropbox to steal Microsoft user credentials. This attack has evaded traditional security scans by using legitimate sites that are trusted and familiar to end-users. The attackers create fake login pages that direct victims to a credential-harvesting site. In just the first two weeks of September, Check Point researchers witnessed more than 5,000 such attacks. Similar tactics have been observed using popular sites like Google, QuickBooks, and PayPal. These attacks, known as BEC 3.0, pose a significant threat since they bypass natural language processing (NLP) technology and URL scanning used by email security services.
Phishing Campaign Details
The phishing messages in this campaign appear to come directly from Dropbox, informing users that they have files to download. Clicking on the link provided in the message leads victims to a page hosted on a legitimate Dropbox URL. However, this page is branded as OneDrive, a Microsoft cloud storage and download service. If users fail to spot the discrepancy, they are then redirected to a phishing site that mimics the login page for Microsoft SharePoint. Victims are prompted to enter their credentials on this page, which is hosted outside of Dropbox. The combination of using legitimate services like Dropbox and Microsoft SharePoint makes these attacks particularly difficult to detect and stop.
The Challenge of BEC 3.0
BEC attacks have long impersonated legitimate entities but BEC 3.0 takes advantage of cloud services, presenting a new challenge for defenders. These attacks are extremely deceptive as they appear to come from trusted sources, making it hard for both security services and end users to identify them. The rapid evolution and sophistication of BEC attacks have contributed to their increasing frequency and intensity. In 2022, BEC attacks accounted for over 21,000 complaints reported to the FBI, resulting in adjusted losses of more than $2.7 billion. Over the past decade, businesses worldwide have suffered losses exceeding $50 billion due to BEC attacks, showing a 17% year-over-year growth in 2022.
Protecting Against BEC Compromise
To defend against BEC 3.0 attacks, organizations should educate their employees about common tactics and encourage them to be vigilant when encountering suspicious emails or links from unfamiliar sources. In the case of the Dropbox campaign, the discrepancy between receiving an email from a Dropbox domain and being directed to a OneDrive account should raise red flags. By training employees to identify such discrepancies, they can take proactive steps to delete malicious messages without arriving at the phishing page.
Deploying a comprehensive security solution is also crucial in thwarting BEC 3.0 campaigns. This includes implementing document and file scanning capabilities, AI defenses, and a robust URL-protection system that conducts thorough scans and emulates webpages for enhanced security. By adopting these measures, organizations can increase their defenses against BEC attacks and mitigate the risk of credential theft.
Conclusion
The recent BEC 3.0 campaign that exploits Dropbox messages to steal Microsoft user credentials highlights the evolving tactics of threat actors. Their ability to utilize legitimate sites makes it challenging for both NLP-based security scans and URL scanning to detect these attacks. Organizations must prioritize educating their employees and deploying comprehensive security measures to combat the rising threat of BEC attacks. As businesses increasingly rely on cloud services for data storage and sharing, defending against these sophisticated attacks becomes imperative. The continued growth and severity of BEC attacks emphasize the need for global cybersecurity efforts to combat this significant threat to businesses and individuals alike.
<< photo by Elina Volkova >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- US Executives Beware: Phishing Attacks Exploit Vulnerability in Indeed Job Platform
- “Cybersecurity Struggles: CISOs Caught Between Ransomware Crisis and Looming Recession”
- Tom Hanks Sounds Alarm Over AI Impersonator in Advertisement
- The Rise of In-House Training: Sourcing Rust Developers in Today’s Tech Landscape
- Attackers Targeting Luxury Hotels: Examining the MGM and Caesar’s Incidents
- “The Growing Threat: Exploring the Rise of SMS-Based Phishing Attacks on Cloud Clients”
- Critical Flaws in TorchServe: A Threat to Major Companies’ AI Infrastructure
- The Vulnerable Guard: Unveiling Critical TorchServe Flaws and the Risk to Major AI Infrastructure
- Data-Stealing Malicious npm Packages: An Increasing Threat to Developers
- Megaupload Duo Sentenced: Kim Dotcom’s Relentless Battle for Justice Continues
- Navigating the Cloud Security Maze: A Guide to Protecting Your Data in the Digital Age
