Australians main target of OneDrive malware campaign


By Dylan Bushell-Embling
Monday, 28 November, 2016

Australians main target of OneDrive malware campaign

Australians are the main target of a new malware campaign involving compromised Microsoft 365 OneDrive for Business accounts, research from Forcepoint Security shows.

The security company has identified an attack method involving compromising the personal URLs assigned to each registered employee of the Microsoft cloud storage service, known as MySite, and using the compromised accounts to spread malware.

Generated download links are then included in mass-mailing campaigns, which are being used to further distribute malware. Multiple malware families are being distributed using this method, Forcepoint said, including Dridex and Ursnif.

The resulting malicious link includes the domain name of the compromised business, lending legitimacy to the malware campaign. This also presents strong potential for reputational risk for affected companies.

Around 55% of the emails sent using this method were sent to Australian recipients, with 40% from the UK, Forcepoint said.

In addition, one of the seven most frequent subject lines for emails containing malicious OneDrive for Business links was customised for Australia, as it involves a “request for ASIC correspondence reprint”.

It is currently unknown how OneDrive for Business accounts are being compromised, Forcepoint said. But hacked accounts present a security risk for the affected business as it means attackers may also have access to other business assets or contacts.

Image courtesy Microsoft.

Related News

Cloud AI workloads exposing enterprises to risk

Research from exposure management company Tenable suggests that 70% of cloud AI workloads contain...

HPE launches joint solutions with Veeam

HPE and Veeam Software are expanding their collaboration to cover closer integration of the Veeam...

Crowdstrike Falcon launches on AWS Marketplace

Crowdstrike and AWS have partnered to make the Crowdstrike Falcon security platform available to...


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd