{"id":21961,"date":"2024-10-23T14:07:24","date_gmt":"2024-10-23T13:07:24","guid":{"rendered":"https:\/\/interface.media\/?p=21961"},"modified":"2024-10-23T14:07:30","modified_gmt":"2024-10-23T13:07:30","slug":"fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks","status":"publish","type":"post","link":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/","title":{"rendered":"Fighting the new face of phishing: How to combat file-sharing attacks"},"content":{"rendered":"\n<p>File-sharing platforms have seen a huge boost in recent years as remote and hybrid workers look for efficient ways to collaborate and exchange information \u2013 it\u2019s a market that\u2019s continuing to grow rapidly, expected to increase by more than <a href=\"https:\/\/www.databridgemarketresearch.com\/reports\/global-file-sharing-market#:~:text=Market%20Analysis%20and%20Insights%3A%20Global,driving%20the%20file%20sharing%20market.\">26% CAGR through to 2028<\/a>.&nbsp;<\/p>\n\n\n\n<p>Tools like Google Drive, Dropbox, and Docusign have become trusted, go-to tools in today\u2019s businesses. Cybercriminals know this and unfortunately, they are finding ways to take advantage of this trust as they level up their phishing attacks.&nbsp;<\/p>\n\n\n\n<p>According to our recent research, file-sharing phishing attacks \u2013 whereby threat actors use legitimate file-sharing services to disguise their activity \u2013 have tripled over the last year, increasing <a href=\"https:\/\/abnormalsecurity.com\/resources\/h2-2024-report-file-sharing-phishing-attacks\">350%<\/a>.<\/p>\n\n\n\n<p>These attacks are part of a broader trend we\u2019re seeing across the threat landscape, where cybercriminals are moving away from traditional phishing attacks and toward sophisticated social engineering schemes that can more effectively deceive human targets, while evading detection by legacy security tools.&nbsp;<\/p>\n\n\n\n<p>As employees become more security conscious, <a href=\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/\">attackers are adapting<\/a>. The once telltale signs of phishing, like poorly written emails and the inclusion of suspicious URLs, are quickly fading as cybercriminals shift to more subtle and advanced tactics, including exploiting file-sharing services.\u00a0\u00a0\u00a0<\/p>\n\n\n\n<p>So, what do these attacks look like? And what can organisations do to prevent them?&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-how-file-sharing-phishing-attacks-work\">How file-sharing phishing attacks work<\/h3>\n\n\n\n<p>All phishing attacks are focused on exploiting the victim\u2019s trust, and file-sharing phishing is no different. In these attacks, threat actors impersonate commonly used file-sharing services and trick targets into sharing their credentials via realistic-looking login pages. In some cases, cybercriminals even exploit real file-sharing services by creating genuine accounts and sending emails with legitimate embedded links that lead them to these fraudulent pages, or otherwise expose them to harmful files.\u00a0<\/p>\n\n\n\n<p>They will often use subject lines and file names that are enticing enough to click without arousing suspicion (like \u201cDepartment Bonuses\u201d or \u201cNew PTO Policy\u201d).\u00a0 Plus, since many bad actors now use generative AI to craft their communications, phishing messages are more polished, professional, and targeted than ever.<\/p>\n\n\n\n<p>We found that approximately <a href=\"https:\/\/abnormalsecurity.com\/resources\/state-of-cloud-account-takeover-attacks\">60%<\/a> of file-sharing phishing attacks now use legitimate domains, such as Dropbox, DocuSign, or ShareFile, which makes these attacks especially challenging to detect. And since these services often offer free trials or freemium models, cyber criminals can easily create accounts to distribute attacks at scale, without having to invest in their own infrastructure.\u00a0<\/p>\n\n\n\n<p>While every industry is at risk for file-sharing phishing attacks, we found that certain industries were easier to target than others. The finance sector, for example, frequently uses file-sharing and e-signature platforms to exchange documents with partners and clients, and usually amid high pressure, fast moving transactions. File-sharing phishing attacks that appear time sensitive and blend in seamlessly with legitimate emails are unlikely to raise red flags.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-file-sharing-phishing-attacks-are-so-challenging-to-detect\">Why file-sharing phishing attacks are so challenging to detect<\/h3>\n\n\n\n<p>File-sharing phishing attacks demonstrate just how effective (and dangerous) social engineering can be. Because these attacks appear to come from trusted senders and contain seemingly innocuous content, they feature virtually no indicators of compromise, leading even the most security conscious employees to fall for these schemes.<\/p>\n\n\n\n<p>And it\u2019s not just humans that these attacks are deceiving. Without any malicious content to flag, these attacks can also bypass traditional secure email gateways (SEGs), which rely on picking up on known threat signatures such as malicious links, blacklisted IPs, or harmful attachments. Meanwhile, socially engineered attacks that appear realistic\u2014including those that exploit legitimate file-sharing services\u2014slip through the cracks.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-a-modern-approach-to-mitigating-social-engineering-attacks\">A modern approach to mitigating social engineering attacks<\/h3>\n\n\n\n<p>While security education and awareness training will always be an important component of any cybersecurity strategy, the rate at which social engineering attacks are advancing means that organisations can no longer depend on awareness training alone.&nbsp;<\/p>\n\n\n\n<p>It\u2019s time that we rethink their cyber defence strategies, focusing on capabilities to detect the more subtle, behavioural signs of social engineering, rather than spotting the most obvious threats.<\/p>\n\n\n\n<p>Advanced threat detection tools that employ machine learning, for example, can analyse patterns around a user\u2019s typical interactions and communication patterns, email content, and login and device activity, creating a baseline of known-good behaviour. Advanced AI models can then detect even the slightest deviations from that baseline, which might signal malicious activity. This allows security teams to detect the threats that signature-based tools (and their own employees) might miss.&nbsp;<\/p>\n\n\n\n<p>As cybercriminals continue to evolve their attack tactics, we have to <a href=\"https:\/\/interface.media\/blog\/2024\/09\/19\/uk-organisations-poor-cybersecurity-blamed-on-lack-of-executive-leadership-and-accountability\/\">evolve our cyber defences<\/a> in kind if we hope to keep pace. The static, signature-based tools of yesterday simply can\u2019t keep up with how quickly social engineering techniques are advancing. The organisations that embrace modern, AI-powered threat detection will be in the best position to enhance their resilience against today\u2019s \u2013 and tomorrow\u2019s \u2013 most complex attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them from harming your organisation. <\/p>\n","protected":false},"author":480,"featured_media":21962,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"apple_news_api_created_at":"2024-10-23T13:07:28Z","apple_news_api_id":"e1532e09-af88-41a0-b804-cacb6be22687","apple_news_api_modified_at":"2024-10-23T13:07:29Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A4VMuCa-IQaC4BMrLa-Imhw","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[3],"tags":[],"topic":[613,651],"class_list":["post-21961","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-interface","topic-cybersecurity","topic-people-culture"],"acf":[],"apple_news_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v26.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Fighting the new face of phishing: How to combat file-sharing attacks - Interface<\/title>\n<meta name=\"description\" content=\"Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them harming your organisation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fighting the new face of phishing: How to combat file-sharing attacks\" \/>\n<meta property=\"og:description\" content=\"Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them harming your organisation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/\" \/>\n<meta property=\"og:site_name\" content=\"Interface\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-23T13:07:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-23T13:07:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1265\" \/>\n\t<meta property=\"og:image:height\" content=\"829\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dan Brightmore\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dan Brightmore\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/\",\"url\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/\",\"name\":\"Fighting the new face of phishing: How to combat file-sharing attacks - Interface\",\"isPartOf\":{\"@id\":\"https:\/\/interface.media\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg\",\"datePublished\":\"2024-10-23T13:07:24+00:00\",\"dateModified\":\"2024-10-23T13:07:30+00:00\",\"author\":{\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\"},\"description\":\"Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them harming your organisation.\",\"breadcrumb\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#primaryimage\",\"url\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg\",\"contentUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg\",\"width\":1265,\"height\":829,\"caption\":\"Data hacking, fishing hook, stealing confidential data, personal information and credit card detail\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/interface.media\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fighting the new face of phishing: How to combat file-sharing attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/interface.media\/#website\",\"url\":\"https:\/\/interface.media\/\",\"name\":\"Interface\",\"description\":\"Delivering World Class Content \u201cFrom Executive, For Executive\u201c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/interface.media\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\",\"name\":\"Dan Brightmore\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"caption\":\"Dan Brightmore\"},\"url\":\"https:\/\/interface.media\/blog\/author\/dbrightmore\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Fighting the new face of phishing: How to combat file-sharing attacks - Interface","description":"Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them harming your organisation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Fighting the new face of phishing: How to combat file-sharing attacks","og_description":"Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them harming your organisation.","og_url":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/","og_site_name":"Interface","article_published_time":"2024-10-23T13:07:24+00:00","article_modified_time":"2024-10-23T13:07:30+00:00","og_image":[{"width":1265,"height":829,"url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg","type":"image\/jpeg"}],"author":"Dan Brightmore","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dan Brightmore","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/","url":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/","name":"Fighting the new face of phishing: How to combat file-sharing attacks - Interface","isPartOf":{"@id":"https:\/\/interface.media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#primaryimage"},"image":{"@id":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg","datePublished":"2024-10-23T13:07:24+00:00","dateModified":"2024-10-23T13:07:30+00:00","author":{"@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748"},"description":"Mike Britton, CISO at Abnormal Security, tackles the threat of file sharing phishing attacks and how to stop them harming your organisation.","breadcrumb":{"@id":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#primaryimage","url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg","contentUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1342116298.jpg","width":1265,"height":829,"caption":"Data hacking, fishing hook, stealing confidential data, personal information and credit card detail"},{"@type":"BreadcrumbList","@id":"https:\/\/interface.media\/blog\/2024\/10\/23\/fighting-the-new-face-of-phishing-how-to-combat-file-sharing-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/interface.media\/"},{"@type":"ListItem","position":2,"name":"Fighting the new face of phishing: How to combat file-sharing attacks"}]},{"@type":"WebSite","@id":"https:\/\/interface.media\/#website","url":"https:\/\/interface.media\/","name":"Interface","description":"Delivering World Class Content \u201cFrom Executive, For Executive\u201c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/interface.media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748","name":"Dan Brightmore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","caption":"Dan Brightmore"},"url":"https:\/\/interface.media\/blog\/author\/dbrightmore\/"}]}},"_links":{"self":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/users\/480"}],"replies":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/comments?post=21961"}],"version-history":[{"count":2,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21961\/revisions"}],"predecessor-version":[{"id":21964,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21961\/revisions\/21964"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media\/21962"}],"wp:attachment":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media?parent=21961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/categories?post=21961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/tags?post=21961"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/topic?post=21961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}