Blueprint of an EFSS Phishing Attack

Cybersecurity is a high-stakes game. The effects of a data breach can echo for years, as companies become associated with being poor managers of personal data. In spite of the risks, the benefits of enterprise file sync and sharing (EFSS) services remain clear: enterprise organizations and SMBs alike can use cloud-based solutions to easily synchronize and share documents.Not only are EFSS solutions convenient, but they are also cost-effective. Instead of maintaining expensive private servers, companies can outsource data storage to secure remote servers that are managed and maintained by trusted providers. Given competing interests, many company leaders struggle to find the right balance between effectively utilizing technologies and ensuring that their data and sensitive IP is secure. In fact, many enterprise organizations today remain wary — say they will not move mission-critical workloads to a public cloud environment. While skepticism is understandable, there are ways for companies to use cloud technology and avoid unnecessary risk exposure. The first step to shoring up your defenses is to understand the general blueprint of exactly how EFSS attacks happen. By taking advantage of hackers’ predictability, companies can gain a significant advantage. 

Understanding the Attack Pattern

Hackers employ a relatively consistent attack pattern to target enterprise data. First, they gain access to company email lists. Then, they make realistic but fabricated accounts in order to send around shared links that are rife with malware. There are two aspects to this general plan which tilt the scale in favor of the hackers. The first is that the email containing malware is from a sender that is familiar, so employees are more likely to open an attachment without stopping to question its contents. The second factor that makes this attack pattern dangerous is that the malware comes in the form of a shared link that goes to an uploaded PDF file. While many users are trained to be vigilant about scanning attachments for viruses, the simplicity of an embedded link to a seemingly innocuous shared file gives employees a false sense of security. Oftentimes, these file links are branded to look official and mimic sign-in dialog or other pages. For example, a hacker may forge a page where you input your . Once they access these, then Pandora’s box is opened - they can access email, OneDrive, SharePoint, etc.

Lastly, since the sender is typically unaware that malware has been sent out under their name, they are unable to warn their colleagues. As individuals click on the link, they further perpetuate the attack and the cycle continues.

Establishing Prevention Measures

Keeping this standard blueprint in mind, it’s important for organizations to implement several best practices as routine prevention measures. Some of these measures are fairly standard, such as employing secure passwords that are changed routinely, using two-factor authentication or multi-factor authentication, and making sure to close old email accounts. Another critical step to reigning in cybersecurity threats is through the ongoing education of employees. Users need to understand that even links coming from familiar domains such as Dropbox or OneDrive could be risky. In fact, the ubiquitous nature of these large platforms can make them especially appealing to hackers; in the first quarter of 2019, Microsoft OneDrive had a in malicious files hosted on the platform. With this in mind, companies should carefully monitor the news for reports of large site hacks. These are usually the genesis for a number of email hack threats, so it’s important to buckle down on monitoring during these times and to remind employees to exercise caution when opening email links, even when the email is from a familiar party. 

Devising Big-Picture Industry Solutions

While internal prevention measures may help companies guard their data on a small scale, it’s important that the industry simultaneously thinks about big-picture solutions to prevent the type of disastrous breaches that can turn companies upside-down. One route to consider is to increase validation efforts for new users signing up for file sharing platforms. By vigorously validating new users’ information through processes such as two-factor authentication or even through manual means such as calling new users to verify their information, this would help weed out potential attackers. Another possibility is in expanding hybrid cloud options that allow companies to take advantage of public file sharing systems for less sensitive data but would enable them to keep any sensitive data on a private cloud where data is stored in-house. 

Improving trust and understanding

While some of the fears surrounding EFSS-related risks are genuine, others are based on a lack of understanding about the way file-sharing works. For example, believe that some party other than the company doing the storing has access to private data on the cloud. Through a combination of preparing companies for the potential risks as well as educating them about the best ways to utilize the built-in protections available through EFSS solutions, decision-makers will finally be able to achieve the elusive and ideal balance of convenience and security.