Abnormal Security released its
H2 2024 Email Threat Report,
revealing the growing threat of file-sharing phishing attacks, whereby
threat actors use popular file-hosting or e-signature solutions as a
disguise to manipulate their targets into revealing private information
or downloading malware.
Sophisticated File-Sharing Phishing Attacks on the Rise
Examining data collected between June 2023 and June 2024, Abnormal saw
file-sharing phishing volume more than triple, increasing 350% over the
year. The majority of these attacks were sophisticated in nature, with
60% exploiting legitimate domains, most commonly webmail accounts, such
as Gmail, iCloud, and Outlook; productivity and collaboration platforms;
file storage and sharing platforms like Dropbox; and e-signature
solutions like Docusign.
"The trust that people place in these kinds of services-especially those
with recognizable brand names-makes them the perfect vehicle for
launching phishing attacks," said Mike Britton, chief information
security officer at Abnormal Security. "Very few companies block URLs
from these services because they aren't inherently malicious. And by
dispatching phishing emails directly from the services themselves,
attackers hide in plain sight, making it harder for their targets to
distinguish between legitimate and malicious communications. And when
attackers layer in social engineering techniques, identifying these
attacks becomes near-impossible."
Finance and Built Environment Firms are Most Vulnerable
The finance industry was found to be most at risk, with file sharing
phishing attacks making up one in ten attacks. As financial institutions
rely on file-sharing platforms to securely exchange documents,
attackers have ample opportunities to slip in a fraudulent file-sharing
notification among the sea of invoices, contracts, investment proposals,
and regulatory updates.
The second most vulnerable industry was construction and engineering,
followed by real estate and property management companies. These sectors
not only rely heavily on frequent document transfers via file-sharing
platforms, but also involve time-sensitive projects with large payouts.
By exploiting the urgency of these exchanges, attackers have an
opportunity to send file-sharing phishing attacks that appear
time-critical and blend in seamlessly with legitimate emails.
BEC and VEC Remain Persistent Threats
The biannual report also revealed the continued growth of business email
compromise (BEC) and vendor email compromise (VEC) attacks:
-
BEC attacks grew by more than 50% over the last year, with attacks on smaller organizations jumping nearly 60% in the last half.
-
41% of Abnormal customers were targeted by VEC each week in the first
half of 2024, a slight increase over the 37% targeted in the second half
of 2023.
-
Construction and engineering firms, as well as retailers and consumer
goods manufacturers, were most vulnerable to VEC attacks, with 70% of
organizations receiving at least one VEC attack in the first half of the
year.
Britton continued, "Cybercriminals are continuing to use email to target
human behavior, and through a variety of techniques-whether it's
leveraging social engineering tactics for BEC, or using the guise of
legitimate applications in their phishing schemes. The report findings
underscore this deliberate shift away from overt payloads and threat
signatures, and toward email attacks designed to manipulate behavior.
Keeping up with these threats will require organizations to adapt
accordingly, recentering their defenses on protecting humans as their
most vulnerable endpoints."
Download the full H2 2024 Email Threat Report, "Bait and Switch: File-Sharing Phishing Attacks Surge 350%", here.