OneDrive for Business linked to malware menace

Legitimate accounts are being compromised to spread malware

Microsoft’s OneDrive for Business cloud storage locker is apparently being used to host and attempt to spread malware, so be warned if you’re emailed links to the service which seem at all suspicious.

According to Forcepoint Security Labs, cybercriminals have been engaging in this practice since August, using an unknown number of compromised OneDrive accounts and MySite links which can be shared with third-parties via email.

Should you click on such a dodgy link, it will download an infected archive file or EXE, with obvious dire repercussions.

And these malware-laden links are apparently being spread by major email campaigns firing them off to as many potential victims as possible.

The sample of this scam provided by Forcepoint is a typical one – it uses an invoice linked in the OneDrive for Business account to try to tempt the victim into opening it (an ‘unpaid’ bill or invoice is a common trick to immediately make the victim curious as to exactly what they ‘owe’).

  • In dire need of a new computer? These are the best PCs of 2016

Matter of trust

The criminals also hope that by using OneDrive for Business, their dodgy links are more likely to be trusted. Particularly because these are genuine OneDrive accounts which have been compromised.

This scam is predominantly targeting Australia and the UK right now, with 55% of emails sent to the former country, and 40% sent to British citizens. It’s certainly one worth keeping an eye out for – indeed, when you receive any sort of link in an email, you should regard it with a healthy amount of suspicion, whether it’s to OneDrive, or any other cloud storage service for that matter.

Roland Dela Paz, a senior security researcher at Forcepoint, also warned that businesses must be alert to this threat and possible reputational damage. He commented: “While it is unknown how OneDrive for Business accounts are being compromised, it entails additional risk not only for the compromised user but also for the affected business as it means that the attackers may also have access to other business assets and contacts.

“In addition, the URL format of OneDrive for Business download links contain the business domain name of a compromised user. This can consequently tarnish the reputation of a business.”

Via: Betanews