Hackers Use Microsoft OneDrive for Business for Malware Distribution

Computer experts from Forcepoint Security Labs have identified that hackers use Microsoft OneDrive for Business for malware distribution.

Microsoft OneDrive For Business Spreads Malware

Computer security researchers from the Forcepoint Security Labs reported that criminals use the Microsoft OneDrive for Business cloud storage platform for malware distribution. According to the vendors the hackers have been using the service to host various payloads that are linked in spam email campaigns which use social engineering tactics.

If the victims fall for the trap they can get infected with the dangerous viruses. The Forcepoint researchers have used various email samples to demonstrate how the hackers abuse the OneDrive for Business accounts. Notable cases include spam campaigns where the users receive counterfeit invoices or other financial information. By using the famous cloud service the hackers hope to make their links appear more legitimate to the victims.

The criminals have hacked genuine accounts and have used them for malware distribution as well which is an even dangerous tactic. According to the security reports the various scams primarily target computer victims from Australia and the UK. The Australian targets have received approximately 55% of the scam emails while the UK citizens the rest.

Both individual users and business users should be concerned as the scam targets everyone. It is currently unknown how the Onedrive for Business distribution accounts were compromised. Some of the scenarios include the following cases:

  • The accounts were compromised via a data leak
  • The accounts were compromised via a hacker attack
  • The accounts were created deliberately to serve malware by the attackers

The URL format of the OneDrive for Business downloads links use the business domain name of the compromised users. This can both increase the infection ratio as well as lower severely the reputation of the affected business.

OneDrive for Business is part of the Office 365 or SharePoint Server packages that are used by companies worldwide to store, share and sync their work files.

Here is Microsoft’s description of the service:

Microsoft offers another storage service called OneDrive. You may already be using OneDrive to store documents and other content in the cloud. This service is different from OneDrive for Business:

OneDrive is online personal storage that you get with either a Microsoft account or Outlook.com. Use OneDrive to save documents, photos, and other files in the cloud, share them with friends, and even collaborate on content. You’re free to decide how you want to use it.

OneDrive for Business is online storage intended for business purposes. Your OneDrive for Business is managed by your organization and lets you share and collaborate on work documents with co-workers. Site collection administrators in your organization control what you can do in the library.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts