Thursday September 19, 2024

Hackread reports that, since the end of January, customers of widely used software-as-a-service platforms have been targeted by a novel Dropbox phishing attack that circumvents multifactor authentication to facilitate malware deployment and credential exfiltration.

Attackers leveraging the 'no-reply@dropbox[.]com' address sent emails with a Dropbox-hosted PDF to employees using the Darktrace SaaS environment, according to a report from Darktrace. When opened, the PDF established a connection with a malicious endpoint that redirected to a fraudulent Microsoft 365 login page. Aside from leveraging ExpressVPN-related endpoints to obfuscate their locations, the threat actors also used valid tokens and fulfilled MFA requirements to get around the targeted organization's MFA policy, researchers said.