The usage of Microsoft OneDrive for hosting malicious files has increased significantly. According to the FireEye report, Microsoft OneDrive surged more than 60% in the number of users who hosted malicious files in the previous quarter. According to FireEye, OneDrive has surpassed competitors such as Dropbox, Google Drive, and Wetransfer in terms of hosting malicious files.
On the other hand, Dropbox does not see a surge in the number of hosted malicious files that is almost identical to Microsoft OneDrive, but it still maintains the highest percentage of malicious file usage growth in quarter-on-quarter, making it the most commonly used hosting service for storing such files. Attackers find these well-known and trusted sites useful because they bypass the initial domain reputation checks performed by the security engine.
Instead of sending an email directly to the target with a malicious content attachment file, the attacker uploads the content to a file-sharing site. The target victim receives a new file from the service waiting for their notification, and a link to download the file. Some of these services also provide a file preview that displays the contents of the URL and clicks on the URL without downloading the file. This makes the attack very effective and hard to find.
The report also recommends that users do not store sensitive or confidential documents on publicly-hosted file-sharing sites because millions of victims’ email accounts today experience massive phishing.