Australians main target of OneDrive malware campaign

By Dylan Bushell-Embling
Monday, 28 November, 2016

Australians main target of OneDrive malware campaign

Australians are the main target of a new malware campaign involving compromised Microsoft 365 OneDrive for Business accounts, research from Forcepoint Security shows.

The security company has identified an attack method involving compromising the personal URLs assigned to each registered employee of the Microsoft cloud storage service, known as MySite, and using the compromised accounts to spread malware.

Generated download links are then included in mass-mailing campaigns, which are being used to further distribute malware. Multiple malware families are being distributed using this method, Forcepoint said, including Dridex and Ursnif.

The resulting malicious link includes the domain name of the compromised business, lending legitimacy to the malware campaign. This also presents strong potential for reputational risk for affected companies.

Around 55% of the emails sent using this method were sent to Australian recipients, with 40% from the UK, Forcepoint said.

In addition, one of the seven most frequent subject lines for emails containing malicious OneDrive for Business links was customised for Australia, as it involves a “request for ASIC correspondence reprint”.

It is currently unknown how OneDrive for Business accounts are being compromised, Forcepoint said. But hacked accounts present a security risk for the affected business as it means attackers may also have access to other business assets or contacts.

Image courtesy Microsoft.

Related News

Melbourne more hyperconnected than Sydney: study

Melbourne has pulled out ahead of Sydney in a ranking of 100 cities in terms of their progress...

Enterprises plan 'aggressive' shift to hybrid cloud

According to new research, 85% of respondents consider hybrid cloud to be their ideal IT...

Companies detect only 1% of IaaS misconfiguration incidents

Ninety per cent of companies said they have experienced a security issue while using IaaS, but a...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd