File sharing phishing attacks increase 350 percent

Although it dates back to the very early days of the internet, email remains a vital communications channel for businesses. But it also continues to present security challenges.

A new report from Abnormal Security reveals a 350 percent year-on-year growth in file-sharing phishing attacks, while business email compromise attacks (BEC) have grown over 50 percent from the second half of 2023 to the first half of 2024.

Perhaps unsurprisingly, the finance industry is most targeted by file sharing attacks, accounting for 14 percent of the total, followed by construction and engineering, and real estate firms.

"Over 40 percent of our customers are getting targeted with a BEC attack every single week," says Mike Britton, chief information security officer at Abnormal Security. "The business email compromise attacks continue to use a lot of social engineering. The other thing too is it's not just large organizations. Smaller organizations are increasingly victimized by BEC attacks and we saw a 60 percent rise in incidents there."

The report also shows that 60 percent of file-sharing phishing attacks are sent using legitimate domains. Attackers also use popular platforms like Dropbox, ShareFile, and Docusign to amplify their attacks and establish trust with victims. Only after the target leaves the email environment and engages with the shared file or document that they are exposed to the malicious content or payload.

The rise of remote working and larger hybrid workforces have led to a corresponding increase in the use of file-sharing services for business communications and collaboration. Attackers are capitalizing on this persuade people to click their links.

"I use Dropbox, maybe I use Google in my organization. Even if I don't, I recognize those names. So if I see a link that is a Google File share, a Google Drive share, versus something that's a random website dot XYZ, my brain is much more likely to click on that or perceive that as a legitimate site," adds Britton.

In addition there's been a slight increase in vendor email compromise (VEC) attacks. This is a high-effort but high-reward strategy that leverages social engineering tactics to exploit employees' trust. On average 41 percent of Abnormal customers were targeted by VEC each week between January and June 2024, compared to 37 percent in the second half of 2024.

Britton believes that spotting unusual patterns is key to defending against these attacks. "This cannot be done without artificial intelligence. There's just too much data, too much going on, too many signals to see. That's part of the other flaw with a lot of the legacy email solutions too. They're looking at message headers, they're looking at a finite list of things and they're typically looking for indicators of compromise."

The full report is available on the Abnormal Security site.

Image credit: stevanovicigor/depositphotos.com