Hacked SharePoint Sites Used to Bypass Secure Email Gateways

silversurfer

Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages.

The attackers take advantage of the fact that the domains used by Microsoft's SharePoint web-based collaborative platform are almost always overlooked by secure email gateways, which allows their phishing messages to regularly reach their targets' inboxes.

The emails sent as part of this new phishing campaign are delivered from compromised accounts and will ask the targets to review a legal assessor's proposal via a URL embedded within the message, as Cofense Cyber Incident Response researchers discovered.

"SharePoint is the initial delivery mechanism to deliver a secondary malicious URL, allowing the threat actor to circumvent just about any email perimeter technology," found Cofense.

This URL links to an attacker-controlled SharePoint site, created using a hacked account, hosting a maliciously crafted OneNote document designed to be illegible and asking the targets to download the full version via an embedded link, which actually sends the bank employees to the phishing page.