Protect your data, ensure compliance, and strengthen your security posture...
The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
With rapidly changing regulations, maintaining compliance isn’t just a box to check—it’s essential...
Move beyond one-time assessments. Our coaching program provides continuous...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
Protect your data, ensure compliance, and strengthen your security posture...
Manufacturing operations face intense competitive pressures, increasingly complex supply chains, and strict compliance requirements like CMMC and ITAR...
Healthcare providers face mounting pressures from ever-evolving technology...
Accounting firms handle sensitive financial data—from tax filings to audit...
Law firms operate under strict confidentiality obligations and face evolving...
Auto dealerships handle a wealth of customer information, from financing details...
In Oil & Gas, uptime, safety, and data integrity are paramount. Whether you’re managing offshore rigs,...
Financial institutions bear a heavy responsibility: they hold sensitive client information and manage...
In the insurance sector, safeguarding sensitive policyholder information is essential—not just to meet...
Auto dealerships handle a wealth of customer information, from financing details...
Small and medium-sized businesses are the backbone of our economy, but they often face...
Protect your data, ensure compliance, and strengthen your security posture...
The loss of sensitive data can cost a business millions of dollars and severely ...
Many organizations do not want to pay for a full-time CISO or do not know if they are ready...
The Cybersecurity Risk & Maturity Assessment (CSMA) is a gap analysis and risk assessment...
A vulnerability assessment systematically reviews security weaknesses in IT ecosystems...
A penetration test, or pen test, actively identifies, tests, and highlights your organization’s...
With the growing threat of cyberattacks and data breaches—and the potential costs...
At any time, your organization might be running hundreds of security controls...
With rapidly changing regulations, maintaining compliance isn’t just a box to check—it’s essential...
Move beyond one-time assessments. Our coaching program provides continuous...
Is your manufacturing business prepared for CMMC compliance? Learn what CMMC compliance is...
At Right Hand, we understand what it takes for companies doing work within a defense industry ...
The National Institute of Standards and Technology (NIST), a division of the U.S. Department...
SOC is a suite of reports from the American Institute of Certified Public Accountants (AICPA)...
PCI DSS designs a set of security standards to ensure that all companies accepting...
ISO 27001 is a set of standards and requirements for an information security management...
Is your IT team stretched to the breaking point supporting your business? Have you had...
Is your in-house IT staff overworked and overburdened managing routine tasks? Do you have...
Cloud computing is transforming the way organizations buy and consume software...
Is your current IT strategy prepared for the threats that your organization faces every day? From human...
Protect your data, ensure compliance, and strengthen your security posture...
Manufacturing operations face intense competitive pressures, increasingly complex supply chains, and strict compliance requirements like CMMC and ITAR...
Healthcare providers face mounting pressures from ever-evolving technology...
Accounting firms handle sensitive financial data—from tax filings to audit...
Law firms operate under strict confidentiality obligations and face evolving...
Auto dealerships handle a wealth of customer information, from financing details...
In Oil & Gas, uptime, safety, and data integrity are paramount. Whether you’re managing offshore rigs,...
Financial institutions bear a heavy responsibility: they hold sensitive client information and manage...
In the insurance sector, safeguarding sensitive policyholder information is essential—not just to meet...
Auto dealerships handle a wealth of customer information, from financing details...
Small and medium-sized businesses are the backbone of our economy, but they often face...
In a recent cybersecurity advisory, Microsoft sounded the alarm on a disturbing trend: the rising prevalence of business email compromise (BEC) attacks leveraging legitimate file hosting services. This sophisticated evolution in cyber threats has caught many organizations off guard, as threat actors exploit widely-used platforms like SharePoint, OneDrive, and Dropbox to orchestrate their attacks.
The landscape of cybersecurity is constantly shifting, and BEC attacks have emerged as a formidable challenge for businesses of all sizes. By exploiting the trust associated with popular file hosting services, cybercriminals are finding new ways to bypass traditional security measures and infiltrate corporate networks.
As Jason Vanzin, CISSP and CEO of Right Hand Technology Group, emphasizes, “The use of legitimate file hosting services in BEC attacks represents a significant shift in tactics. It’s no longer enough to simply scan attachments; we need to be vigilant about the entire ecosystem of file sharing and collaboration tools.”
This blog post will delve into the intricacies of these attacks, exploring how threat actors are exploiting file hosting platforms, the defense evasion tactics they employ, and the sophisticated social engineering techniques used to compromise businesses. Most importantly, we’ll discuss critical awareness and prevention strategies to help organizations safeguard their assets against these evolving threats.
Microsoft’s recent threat intelligence report has shed light on a disturbing trend: cybercriminals are increasingly turning to legitimate file hosting services as a vector for BEC attacks. Platforms like SharePoint, OneDrive, and Dropbox, which are integral to many businesses’ day-to-day operations, have become attractive targets for threat actors.
These services are particularly appealing to cybercriminals for several reasons:
“The use of legitimate file hosting services adds a layer of complexity to cybersecurity,” notes Jason Vanzin. “It blurs the line between safe and malicious content, making it harder for both users and security systems to identify threats.”
This trend highlights the importance of cloud storage security and the need for organizations to reevaluate their approach to protecting shared resources. As businesses increasingly rely on these platforms for collaboration and file sharing, they must also recognize the potential risks they introduce.
Threat actors have developed sophisticated defense evasion techniques to bypass traditional security controls. One common tactic involves configuring shared files with restricted access or “view-only” permissions. This approach serves several purposes:
By leveraging these restrictions, cybercriminals can effectively circumvent many standard defenses that organizations have in place. According to recent statistics, over 60% of successful BEC attacks involve some form of access restriction on shared files.
To illustrate the effectiveness of these tactics, consider the following example:
This multi-step process demonstrates the sophistication of modern BEC attacks and the challenges they pose to traditional security measures.
Phishing campaigns are a cornerstone of BEC attacks, serving as the primary vector for credential theft. These carefully crafted campaigns are designed to deceive recipients into revealing sensitive information or taking actions that compromise security.
The typical anatomy of a BEC phishing campaign includes:
The ultimate goal of these campaigns is to obtain valid credentials, which can then be used for various malicious purposes, including:
Jason Vanzin warns, “The sophistication of these phishing campaigns cannot be overstated. They’re designed to exploit human psychology and organizational trust, making them incredibly difficult to detect without proper training and tools.”
Recent studies have shown that BEC attacks can result in average losses of $80,000 per incident, highlighting the severe financial impact of successful phishing campaigns.
The success of BEC attacks often hinges on sophisticated social engineering tactics. Threat actors employ a range of techniques to manipulate victims and evade detection:
These social engineering tactics are continually evolving, with cybercriminals adapting their approaches to overcome new security measures. For instance, the Mamba 2FA phishing kit allows attackers to bypass two-factor authentication, demonstrating the ongoing arms race between security professionals and threat actors.
“Social engineering remains the Achilles’ heel of many cybersecurity strategies,” observes Jason Vanzin. “No matter how robust your technical defenses are, a well-crafted social engineering attack can potentially compromise your entire network.”
For more in-depth insights into these sophisticated tactics, refer to the Microsoft Threat Intelligence Blog, which provides regular updates on emerging threats and attack vectors.
To combat the growing threat of BEC attacks leveraging file hosting services, organizations must adopt a multi-layered defense strategy. Microsoft and other security experts recommend the following best practices:
“A multi-layered defense strategy is essential in today’s threat landscape,” states Jason Vanzin. “It’s not just about having the right tools; it’s about creating a culture of security awareness throughout your organization.”
Organizations should also consider implementing advanced email security measures, such as:
These protocols can help prevent email spoofing and improve overall email security.
As BEC attacks continue to evolve and leverage legitimate file hosting services, organizations must remain vigilant and proactive in their cybersecurity efforts. By understanding the tactics employed by threat actors and implementing robust, multi-layered defense strategies, businesses can significantly reduce their risk of falling victim to these sophisticated attacks.
Key takeaways from this discussion include:
As we’ve explored, security awareness is paramount in combating these threats. Organizations must prioritize ongoing education and training to ensure all employees are equipped to recognize and respond to potential BEC attempts.
To further enhance your organization’s defenses against BEC and other cyber threats, we encourage you to download our comprehensive Cybersecurity Awareness Training Guide. This valuable resource provides in-depth strategies, best practices, and training materials to help you build a robust security culture within your organization.
Remember, the fight against cybercrime is ongoing, and staying informed is your best defense. By remaining vigilant and implementing the strategies discussed in this post, you can significantly reduce your organization’s risk of falling victim to BEC attacks and other cyber threats.
Discover strategies to defend your SMB against Black Basta ransomware, including employee education, multi-factor…
Navigate CMMC compliance complexity with our master guide. Explore key documents like SSP and…
Explore Shadow IT risks and benefits, and learn how consistent MSP support can help…
The Certified Information Systems Security Professional is an information security certification with extremely high standards. Less than 132,000 people worldwide had this certification at the end of 2018.
It has also been formally approved by the DOD and is globally recognized in the field of IT security.
It covers the following topics:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
This a system engineer certification and tests the user’s knowledge on the following topics:
Windows
SQL Server
Exchange Server
SharePoint
System Center (SCCM)
Lync
The A+ Certification demonstrates that the computer technician has the skill set needed to customize, install, maintain, and operate PCs.
In addition to these certifications, Right Hand also has strategic partnerships with some of the biggest names in the industry like Microsoft, Dell, Citrix, and Fortinet.
What could be more assuring than having these industry giants on your side?
As the name suggests, this certification is for Network Engineers. Everything from the installation and maintenance to troubleshooting of networks including the understanding of all related technologies is a part of the course.
This certification shows that the technician who has passed the Microsoft exam is capable of managing, migrating, deploying, planning, and assessing the technology, security, and compliance needs associated with Microsoft Office 365.
The CompTIA Security Plus SY0-501 course provides certifications in the following topics:
Threats
Vulnerabilities
Attacks
System Security
Network Infrastructure
Access Control
Cryptography
Risk Management
Organizational Security