There is a growing threat of file-sharing phishing attacks, in which threat actors use popular file-hosting or e-signature services to fool users into disclosing private information or downloading malware, according to research.
“The trust that people place in these kinds of services, especially those with recognizable brand names, makes them the perfect vehicle for launching phishing attacks,” said Abnormal Security.
Its H2 2024 Email Threat Report examined data collected between June 2023 and June 2024. It saw file-sharing phishing volume more than triple, increasing 350 percent over the year.
The majority of these attacks were “sophisticated in nature,” with 60 percent exploiting legitimate domains, most commonly webmail accounts such as Gmail, iCloud, and Outlook, file storage and sharing platforms like Dropbox, e-signature solutions such as Docusign, and productivity and collaboration platforms.
“Very few companies block URLs from these services because they aren’t inherently malicious,” said Mike Britton, chief information security officer at Abnormal Security. “By dispatching phishing emails directly from the services themselves, attackers hide in plain sight, making it harder for their targets to distinguish between legitimate and malicious communications.
“And when attackers layer in social engineering techniques, identifying these attacks becomes near-impossible.”
The finance industry was found to be most at risk, with file-sharing phishing attacks making up one in ten attacks. As financial institutions rely on file-sharing platforms to securely exchange documents, attackers have “ample opportunities” to slip in a fraudulent file-sharing notification among a sea of invoices, contracts, investment proposals, and regulatory updates, said Abnormal.
The second most vulnerable industry was construction and engineering, followed by real estate and property management companies. These sectors not only rely heavily on frequent document transfers via file-sharing platforms, but also involve time-sensitive projects with large payouts. By exploiting the urgency of these exchanges, attackers have an opportunity to send file-sharing phishing attacks that appear time-critical and blend in seamlessly with legitimate emails.
Abnormal Security describes itself as an “AI-native human behavior security platform,” using machine learning to stop sophisticated inbound attacks, and to detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior, and analyze the risk of every cloud email event.
Protection is offered for Microsoft 365, Google Workspace, Slack, Workday, Salesforce, ServiceNow, Zoom, Amazon Web Services, and other cloud applications.