
How to Stop Malicious Files From Infiltrating Business File Transfer

November 10, 2025

To conduct business efficiently, organizations need to transfer files to relevant parties. That includes internal transfers between departments, such as HR sending personnel tax forms to finance, as well as sending and receiving files from external sources and third parties during the hiring process. Many organizations rely on file hosting services, business communication platforms, project management software, and similar tools to do this, and use of these programs has increased significantly with the shift to remote workspaces.

As a result, organizations must be cognizant of the file-borne threats not only in their email channels but also in business file transfer portals, since hackers will never miss an opportunity to take advantage of a new or recently popular threat vector. 

File-Borne Threats Can Take a Variety of Forms

With the many tools at their disposal, threat actors can leverage files to infiltrate corporate networks in order to infect systems, spread malware, and deploy ransomware. Files can be injected with installers that load infostealers onto infected devices, which then gather basic system information and scan applications such as email. Additionally, macros inside files, typically Microsoft Office files, can be altered for nefarious purposes: malicious code embedded in the macro runs as soon as the file is opened and spreads malware.
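As an added example (not from the original post or from Menlo), here is one way a file-transfer gateway could flag macro-bearing Office uploads before they reach users. The function names, the size cap and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")
MAX_TYPES_SIZE = 1 << 20  # assumed cap on [Content_Types].xml before reading it


def inspect_office_upload(filename, data):
    """Report whether an uploaded Office file carries a VBA macro project."""
    report = {"container": "unknown", "has_vba": False, "reasons": []}
    if data.startswith(OLE2_MAGIC):
        report["container"] = "ole2"
        report["reasons"].append("legacy OLE2 container: route to an OLE-aware scanner")
        return report
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            report["container"] = "zip"  # a plain archive, not an OOXML package
            return report
        report["container"] = "ooxml"
        types = ""
        if zf.getinfo("[Content_Types].xml").file_size <= MAX_TYPES_SIZE:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        report["reasons"].append("vbaProject.bin part present")
    if "macroEnabled" in types or "vbaProject" in types:
        report["reasons"].append("macro content type declared")
    report["has_vba"] = bool(report["reasons"])
    if report["has_vba"] and filename.lower().endswith(MACRO_FREE_EXTS):
        report["reasons"].append("extension claims a macro-free format")
    return report


def build_sample(parts):
    """Constructed test input: a minimal OOXML-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


CLEAN = build_sample({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"})
MACRO = build_sample({
    "[Content_Types].xml": '<Types><Override ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": "<w/>",
    "word/vbaProject.bin": b"\x00constructed placeholder",
})
```

A file flagged with `has_vba` can be quarantined or stripped of its macro project; legacy OLE2 files need a dedicated parser because their macro storage is not visible as a zip part.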

File hosting services, business communication platforms, and project management software serve as attractive threat vectors for cybercriminals due to the amount of trust employees have in these technologies. Users are more likely to be tricked into engaging with malicious files in these programs due to their assumed association with business activities.

Infiltrating Project Management Software

Project management software helps employees stay on top of tasks by facilitating collaboration among team members through simplified file sharing. Threat actors have distributed malicious executables using public download links, as seen with Basecamp. In this case, corporate networks were compromised once a stealthy backdoor Trojan from TrickBot was deployed, which enabled the threat actor group to access the network and ultimately deploy ransomware.

Infiltrating Business Communication Platforms 

Business communication platforms have long gone beyond instant messaging to include capabilities such as file sharing and multimedia attachments. A phishing attack leveraging Slack involved an email that directed users to a malicious PDF file hosted on the slack-files.com site within a Slack-branded workspace. In cases such as this, threat actors seek to steal employees’ credentials and gain access to sensitive data or advance through an organization’s network and spread malware. Additionally, hackers can use image steganography techniques to inject malicious code within an innocent-looking image that deploys a payload once downloaded.

Infiltrating File Hosting Services

File hosting services allow organizations to upload files onto the internet and share them among relevant parties. Popular corporate file hosting services include Microsoft OneDrive, Google Drive, and Dropbox.

An attack leveraging Google Drive created push notifications or emails that invited people to collaborate on a Google Doc that hosted malicious links. The notifications were sent from Google’s no-reply address and used sophisticated social engineering tactics that lured users into engaging with the malicious content. Additionally, botnets have been discovered abusing Dropbox’s API to fetch attack instructions and upload attack reports from the spreading bots.

Menlo Secures File Uploads and Downloads

As remote work continues to gain popularity and the use of file transfer portals increases, enterprises should be aware of the file-borne threats targeting these applications. Menlo’s patented Positive Selection® technology empowers organizations to download files from wherever they are and receive incoming files from company web applications—completely risk-free. 

Considering that today’s detection-based tools aren’t designed to catch every threat, organizations roll the dice with each download. Menlo goes beyond scanning and singles out only the safe elements of each file, ensuring every file that enters your organization is 100% safe. That’s zero trust principles for zero zero-day threats.
