Hacked SharePoint Site Used to Phish Office 365 Credentials

SharePoint Phish-Office Credentials

Hacked SharePoint Sites Are Being Used to Launch Phishing Email Attacks – Targets Banks

Hacked Microsoft SharePoint sites are being used to send phishing emails that beat most spam filters. Hackers are targeting financial services organizations, mostly in the UK, with this cyber attack. Cybersecurity researchers at Codefense discovered the phishing campaign, which is designed to steal Office 365 credentials. Hackers use SharePoint, a content management system integrated with Microsoft Office 365, along with malicious emails to target British financial sector businesses. If a recipient clicks on the link in the initial email, they are sent to a compromised SharePoint site. The hacked site prompts the victim to review a OneNote document, but attempting to download it sends the victim to a login credentials phishing page.

Common Hacked Passwords

Because the embedded URL in the first email links to a SharePoint account and the email doesn’t contain malware or any suspicious attachments, it bypasses security checkpoints and spam filters.

Image Credit: Codefense Hacked SharePoint Site

SharePoint Phishing Campaigns – How It Works

The initial email comes from a compromised SharePoint account (independentlegalassessors.co.uk) which belongs to Independent Legal Assessors, a legitimate London-based legal services firm.
The phishing emails contain typical office communications about legal issues, billing, or invoices. Recipients of the email are prompted to review legal information by clicking on a link to a SharePoint site. If the reader clicks on the link, it sends the reader to a compromised SharePoint site that contains a malicious OneNote document. The document is illegible and prompts the reader to download it by clicking on another URL. Attempting to download the document sends the victim to a spoofed OneDrive for Business site that functions as a credential phishing page. Victims are prompted to log in with either Office 365 credentials or another username and password.
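The chain above is hard to catch at the mail gateway because the first hop is a genuine sharepoint.com URL; the tell is the second hop, where a real SharePoint page hands the user off to a lookalike OneDrive for Business sign-in page on a non-Microsoft domain. The following detection heuristic is an added example written for this article, not Codefense's code: it scans web-proxy click records (assumed to carry `user`, `referrer` and `url` fields) and flags clicks whose referrer is a SharePoint Online page but whose destination is a non-Microsoft host borrowing Microsoft product names. The host allowlist and the log lines are constructed for illustration; the domains are placeholders, not indicators from the campaign.

```python
"""
Detect the 'real SharePoint page -> lookalike OneDrive login page' hand-off
described in the article. Added example; the proxy log records below are
constructed, and the allowlist is an assumption for this demonstration.
"""
from urllib.parse import urlparse

# Hosts Microsoft itself uses for SharePoint Online / OneDrive for Business sign-in.
# Assumption: a page imitating these on any other host is treated as suspect.
MICROSOFT_HOSTS = (
    "sharepoint.com",
    "onedrive.live.com",
    "login.microsoftonline.com",
    "login.live.com",
)

# Product names a lookalike credential page tends to put in its host or path.
LOOKALIKE_TOKENS = ("onedrive", "office365", "sharepoint", "microsoft", "login", "signin")


def host_of(url: str) -> str:
    """Hostname component of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_microsoft_host(host: str) -> bool:
    """True only for an allowlisted host or a subdomain of one (suffix match on a label boundary)."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in MICROSOFT_HOSTS)


def looks_like_ms_login(url: str) -> bool:
    """A non-Microsoft URL whose host or path borrows Microsoft product/login wording."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    text = host + parsed.path.lower()
    return not is_microsoft_host(host) and any(tok in text for tok in LOOKALIKE_TOKENS)


def find_sharepoint_redirect_chains(records):
    """
    records: iterable of dicts with 'user', 'referrer' and 'url' (proxy click logs).
    Returns (user, referrer, url) for each click that is the second hop of the
    attack chain: referrer on a genuine sharepoint.com page, destination a
    lookalike sign-in page elsewhere. The first hop (mail -> SharePoint) is
    deliberately not flagged, since that link is legitimate on its own.
    """
    hits = []
    for rec in records:
        ref_host = host_of(rec["referrer"])
        if is_microsoft_host(ref_host) and ref_host.endswith("sharepoint.com") \
                and looks_like_ms_login(rec["url"]):
            hits.append((rec["user"], rec["referrer"], rec["url"]))
    return hits


# Constructed sample proxy log; every domain here is a placeholder.
SAMPLE_LOGS = [
    {"user": "alice", "referrer": "https://mail.example.com/inbox",
     "url": "https://example-tenant.sharepoint.com/sites/legal/Invoice.one"},
    {"user": "alice", "referrer": "https://example-tenant.sharepoint.com/sites/legal/Invoice.one",
     "url": "https://onedrive-business-login.example.net/office365/signin"},
    {"user": "bob", "referrer": "https://example-tenant.sharepoint.com/sites/hr/",
     "url": "https://login.microsoftonline.com/common/oauth2/authorize"},
    {"user": "carol", "referrer": "https://intranet.example.com/",
     "url": "https://www.example.com/news"},
]

if __name__ == "__main__":
    for user, ref, url in find_sharepoint_redirect_chains(SAMPLE_LOGS):
        print(f"ALERT {user}: {ref} -> {url}")
```

Only alice's second click is reported: bob's hand-off from SharePoint goes to the real login.microsoftonline.com and is ignored, and the suffix check is done on a label boundary so a host such as `sharepoint.com.evil.example` is not mistaken for Microsoft. In production the allowlist would come from the tenant's own configuration rather than a hard-coded tuple.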

What is SharePoint?

SharePoint is an online content management system for businesses launched in 2001. It integrates with Microsoft Office. There are over 190 million users and 200,000 business customers. SharePoint is available in 47 languages. Although it is primarily a document storage and management system, it is highly customizable. A SharePoint user can belong to 5,000 different groups, and likewise each group can have up to 5,000 users. There can be up to 10,000 groups in a site collection.

SharePoint Phishing Page
Image Credit: Codefense SharePoint Phishing Page

Phishing Attacks – How to Protect Against Them

Cybercriminals and hackers are increasingly using online content management systems such as Google Docs, Dropbox, SharePoint, and other business tools to launch phishing and malware attacks.

  • To protect against phishing attacks, users should consider implementing two-factor authentication (2FA) for their online accounts. If you’re not familiar with 2FA, see our guide on how two-factor authentication can help you secure and protect login credentials.
  • Businesses and individuals can also use up-to-date antivirus software to protect all electronic devices.
  • Account passwords should be changed regularly, and the same password should not be used across multiple accounts.
  • Avoid using passwords that appear on the annual most common password list.
How to Enable 2FA