Phishing attacks are attempts to get e-mail recipients to provide sensitive information that can be used by the sender, generally presented as the authority of some account or business. They request that recipients provide information that could be misused for some type of illegal practical gain of the sender. An example of this would be a fake email from PayPal requesting that the reader verify their bank information to address some kind of update or security risk. These phony requests will result in the fraudulent use of the user’s info.
SharePoint or PhishPoint attacks are a specific kind of phishing attack that involves SharePoint users being targeted by hackers using malware to misuse information, or otherwise induce undesirable consequences to unsuspecting and vulnerable users. PhishPoint attacks are not unique in that they still involve the basic attempts of hackers to deceive the consumer. They are designed to make someone believe that the sender is a representative of a viable organization. They pretend to be approaching the consumer for valid and honest reasons. They are intended to seem genuine.
PhishPoint attacks target SharePoint users and OneDrive accounts in an attempt to get vital personal information from the user. If the recipient clicks on the bad link, they open the door to malicious software or malware that steals the user’s information. The user’s system is infiltrated through malicious HTML and URLs that can steal banking information or spread malware as described.
Victims of this form of attack may also experience an impersonation of a standard access request to business documents stored within OneDrive accounts. These may then be stolen through hacking codes. Sometimes access is made possible through a fake Office 365 login redirection.
Illegal logins have been reported through this form of attack in increasing numbers in recent times, as hackers continue to find new ways to penetrate the best security efforts at Microsoft. Secant Technologies explained that business documents used in OneDrive should be protected by a combination of software and general best practices in addressing third-party or spam email requests. Users should be skeptical of redirections to login screens that have any unusual or seemingly unofficial characteristics. It takes a keen eye to spot them.
Although firewalls and antivirus software may fully recognize and detect phishing scams, they are simply not enough to stop phishing scams from being successful. A new report shows that users are the weak link when it comes to internet security. A careless employee may click on an email attachment that downloads a destructive virus or ransomware. This will cause chaos in any organization. Eventually, companies pay out thousands of dollars to cyber thieves.
Cloud or email security can do little to eliminate phishing scams; it takes educating users on what to look for. While senders should be able to recognize spam or otherwise unofficial emails, they simply get busy and don’t pay enough attention.
PhishPoint campaigns of this nature may be detected and blocked within a matter of days or even hours, but any transmission of sensitive information during this time can still result in major consequences to individual users or the entire organization that they represent.
According to Security Affairs, approximately 10% of office users were affected by attempts to induce a PhishPoint attack within the two weeks of observation included in their assessment. This showed the extent that hackers are able to reach out to users in mass campaigns. While security developments such as ATP and Safe Links have been improved to reduce vulnerabilities, the basic nature of these attacks makes them dangerous. Many aspects of general security are left up to the individual user.
Office 365 currently involves yearly subscriptions with packages that can be upgraded to include ATP, Safe Links, and other security features. These will reduce vulnerabilities and increase security to avoid many forms of hacking, but cannot eliminate all forms of attack.
Office 365 security measures currently are capable of scanning links or URLs included in HTML code or the bodies of emails. They attempt to match recognized threats that have been added to blacklists, but they cannot prevent users from carelessly clicking on a malicious link.
Using baseStriker attack techniques, malicious links can be disguised. This technology is able to split a URL so that security software does not detect it as being malicious.
According to Avanan, hackers have been increasingly taking advantage of SharePoint files in phishing campaigns. Advanced security such as ATP and Safe Links can be beneficial but other layers of security protection are recommended. Office 365 contains excellent online security protection, but ccybercriminals consistently search for ways to bypass it.
Secant Technologies provides more information regarding common practices and recommendations for overall safety or protection from phishing campaigns.
Published By: Scott Clarke on September 5th, 2018