Researchers at Check Point Software have identified a concerning trend involving fraudsters who are targeting Dropbox users and stealing their personal and banking information. These attackers are employing fake login pages and using legitimate services like Dropbox to spread and store malicious code. This has resulted in a significant number of successful attacks, highlighting the need for organizations to take action to prevent these incidents.
Description
Researchers at Check Point Software have discovered a growing trend in which fraudsters are using fake login pages to target Dropbox users and steal their personal and banking information. These attacks [1] [2] [3], known as BEC 3.0 [1] [2], involve sending victims emails informing them of new shared files [1], which appear legitimate but actually contain malicious code [1]. The attackers have been able to spread and store the malicious code using legitimate services like Dropbox. In the first two weeks of September alone [3], researchers observed over 5,500 of these attacks. This technique allows the attackers to steal Microsoft user credentials. The use of legitimate sites like Dropbox makes it difficult for email security services to detect and prevent these attacks, bypassing NLP technology and URL scanning [3]. These attacks have cost businesses billions of dollars [3], highlighting the need for organizations to educate users on common tactics and deploy comprehensive security solutions to prevent BEC 3.0 attacks [3]. Check Point has notified Dropbox of these attacks [2].
Conclusion
The use of fake login pages and the exploitation of legitimate services like Dropbox by fraudsters have had significant impacts on businesses and individuals. These attacks have resulted in the theft of personal and banking information, leading to financial losses for victims. The widespread use of legitimate sites like Dropbox also poses challenges for email security services, making it difficult to detect and prevent these attacks [2]. To mitigate the risks posed by BEC 3.0 attacks, organizations must prioritize user education and implement comprehensive security solutions. Additionally, collaboration between security researchers and service providers, such as the notification of attacks to Dropbox by Check Point, is crucial in addressing and preventing future incidents.
References
[1] https://tekdeeps.com/dropbox-users-are-being-duped-via-fake-login-pages/
[2] https://www.aroged.com/2023/10/03/why-hackers-use-dropbox-to-steal-passwords/
[3] https://www.darkreading.com/cloud/fast-growing-dropbox-campaign-microsoft-sharepoint-credentials
