You may have heard about the recent Accellion breach. Accellion, a file-sharing app, was breached and now tons of universities and corporations have been hit. Major universities like Stanford and University of California were targeted; conglomerates like Shell were hit too.
File-sharing apps are not inherently secure, which is why Avanan protects apps like Dropbox, Google Drive and Box.
But because of the free-flowing nature of file-sharing, hackers will use this to their advantage.
Avanan researchers uncovered a phishing attack that leverages WeTransfer, another popular file-sharing app, to get credentials. This attack bypassed Mimecast, but was stopped by Avanan.
Here's what the attack looks like:
Looks like a standard email you'd get when someone shares files, right?
And when you click on "Get your files" you get directed to a pretty convincing replica of WeTransfer—with one difference:
The URL is certainly not WeTransfer. In fact, it has an invalid certificate:
However, if you kept going along to download the files, here's what happens:
Once you enter your credentials, that's the ballgame. You don't ever get the files. Instead, you get this page over and over again:
Hackers will do anything to get in your inbox. Posing as a trusted file-sharing source, with an email you may often get, tends to be a good way to do that.
