Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.
The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.
Jeff Costlow, CISO of ExtraHop, told Threatpost on Wednesday that the ransomware attacks against the 2019 vulnerability affecting SharePoint servers are the more insidious threat in the double whammy, in that they install remote control software and thus allow direct access to the infrastructure where attackers can freely frolic.
"Anyone using SharePoint needs to ensure that they are patching any instances of SharePoint to avoid the malware/ransomware installations. Long term, no amount of patching will solve the phishing problem. It's too easy for attackers to build sites that mimic legitimate sites. We need to rethink how sharing is done. Security teams need to take a proactive stance to help their users conduct business safely. There are various tactics to help alert users to possible attacks, such as setting up each SharePoint server to use a familiar background or image for users to ensure that they only input credentials on legitimate sites."
Cofense told Threatpost in an email on Wednesday morning that there's no apparent connection between the SharePoint phishing campaign that its analysts uncovered and the Wickr/Hello ransomware gang's ongoing exploitation of SharePoint server vulnerabilities.
Finally, the criminal ransomware attackers come in, socialize the exploit on Dark Net sites and use it to launch their own attacks.
News URL
https://threatpost.com/sharepoint-phish-ransomware-attacks/165671/