Abnormal sees 350% uptick in phishing via file-sharing sites

Abnormal Security has released its H2 2024 Email Threat Report, highlighting a significant rise in file-sharing phishing attacks, which have surged by 350% over the past year.

These attacks predominantly exploit legitimate domains such as webmail accounts (Gmail, iCloud, Outlook), productivity and collaboration platforms, file storage and sharing platforms (Dropbox), and e-signature solutions (Docusign).

The report, which examines data collected between June 2023 and June 2024, indicates that 60% of the sophisticated phishing attacks took advantage of these legitimate domains.

Mike Britton, Chief Information Security Officer at Abnormal Security, explained the challenge these attacks pose: “The trust that people place in these kinds of services—especially those with recognisable brand names—makes them the perfect vehicle for launching phishing attacks. Very few companies block URLs from these services because they aren’t inherently malicious. And by dispatching phishing emails directly from the services themselves, attackers hide in plain sight, making it harder for their targets to distinguish between legitimate and malicious communications. And when attackers layer in social engineering techniques, identifying these attacks becomes near-impossible.”

According to the report, the finance industry faces the highest risk, with file-sharing phishing attacks constituting one in ten of all attacks in this sector. Attackers exploit the financial institutions' reliance on file-sharing platforms to securely exchange documents, slipping fraudulent notifications among legitimate invoices, contracts, investment proposals, and regulatory updates.

The construction and engineering sector is also highly vulnerable, followed by real estate and property management companies. These industries frequently transfer documents via file-sharing platforms and are often involved in time-sensitive projects with large payouts. The urgency associated with these exchanges provides an opportunity for attackers to send file-sharing phishing emails that appear critical, blending seamlessly with legitimate communication.

The biannual report also points to a continued increase in business email compromise (BEC) and vendor email compromise (VEC) attacks. BEC attacks have grown by over 50% in the past year, with smaller organisations experiencing a 60% spike in the last half of the year. Additionally, 41% of Abnormal customers encountered VEC attacks weekly in the first half of 2024, a slight rise from 37% in the latter half of 2023. Construction and engineering firms, retailers, and consumer goods manufacturers are particularly susceptible to VEC attacks, with 70% of these organisations receiving at least one attack in the first half of the year.

“Cybercriminals are continuing to use email to target human behaviour, and through a variety of techniques—whether it’s leveraging social engineering tactics for BEC, or using the guise of legitimate applications in their phishing schemes,” Britton continued. “The report findings underscore this deliberate shift away from overt payloads and threat signatures, and toward email attacks designed to manipulate behaviour. Keeping up with these threats will require organisations to adapt accordingly, recentering their defences on protecting humans as their most vulnerable endpoints.”

The H2 2024 Email Threat Report provides a detailed analysis of the various techniques employed by cybercriminals and the growing threats facing different industries. The findings underscore the necessity for organisations to enhance their security measures and place greater emphasis on protecting human behaviour vulnerabilities.