Microsoft’s OneDrive has seen a rather significant rise in usage to host malicious files. According to a report from FireEye (via BleepingComputer), the file hosting service has seen a surge of users hosting malicious files grow to more than 60% last quarter compared to the previous rise of just a single-digit percentage point.
According to FireEye, OneDrive has seen the most significant jump of the other three services tested—Dropbox, Google Drive, and WeTransfer—in the percentage of use of malicious files stored on its service. Dropbox, on the other hand, while it hasn’t seen nearly the same jump as its Microsoft-owned competitor, continues to hold the highest percentage of malicious file usage growth quarter over quarter, making it the “most commonly used” file hosting service to store such files.
“Attackers find these well-known and trusted sites useful because they bypassed initial domain reputation checks performed by security engines,” the document explains. “Rather than sending an email with an attached file containing malicious content directly to a target, the attackers upload the content to the file sharing site. The target receives notification from the service that there is a new file waiting for them, along with a link to download the file. Some of these services also offer a preview of the file showing content in a URL that can be clicked without having to download the file. This makes the attack very efficient and difficult to detect”
The document also goes on to recommend that users should not store sensitive or confidential documents on a publicly-hosted file sharing site, due to the high volume of phishing that plagues the email accounts of the millions of victims today. Is this something that you’ve struggled with in the past or continue to experience even today?Further reading: Microsoft, OneDrive, phishing