Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks (Security News, April 2021)
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.
The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.
Jeff Costlow, CISO of ExtraHop, told Threatpost on Wednesday that the ransomware attacks against the 2019 vulnerability affecting SharePoint servers are the more insidious threat in the double whammy, in that they install remote control software and thus allow direct access to the infrastructure where attackers can freely frolic.
"Anyone using SharePoint needs to ensure that they are patching any instances of SharePoint to avoid the malware/ransomware installations. Long term, no amount of patching will solve the phishing problem. It's too easy for attackers to build sites that mimic legitimate sites. We need to rethink how sharing is done. Security teams need to take a proactive stance to help their users conduct business safely. There are various tactics to help alert users to possible attacks, such as setting up each SharePoint server to use a familiar background or image for users to ensure that they only input credentials on legitimate sites."
Cofense told Threatpost in an email on Wednesday morning that there's no apparent connection between the SharePoint phishing campaign that its analysts uncovered and the Wickr/Hello ransomware gang's ongoing exploitation of SharePoint server vulnerabilities.
Finally, the criminal ransomware attackers come in, socialize the exploit on Dark Net sites and use it to launch their own attacks.
News URL
https://threatpost.com/sharepoint-phish-ransomware-attacks/165671/