Skyhigh Security Intelligence Digest

As organizations continue their rampant surge into the cloud, OneNote presents a useful notetaking and task management bridge between corporate premises, BYOD, and enterprise cloud realms, however, attackers have turned their attention to the app as a viable route for malware distribution.

The latest inception of phishing attacks is on the horizon. With the pervasiveness of cloud apps and the evolving nature of how they are used, from single-sign-on token integrations, users are being prompted to authorize access in what has become an overlooked attack vector to facilitate data leakage.

Email has been the lifeblood of enterprise communication and collaboration for decades; there’s simply no doubt about it. Email, however, is also still one of the most effective ways to distribute malware or ransomware, responsible for over 90% of malware deliveries and infections.

Hot on the heels of numerous high-profile breaches at the hands of cybercrime gangs, Cisco undoubtedly takes no pleasure in confirming a breach of its corporate network in a recent extortion attack from the Yanluowang ransomware group.

A common misconception among enterprises and their users leads the belief that cloud environments are immune to threats of ransomware. However, in a recent discovery made by Proofpoint researchers, malicious actors can instigate ransomware attacks by exploiting Microsoft 365 file version backups – made available thanks to the platform’s native file “auto-save” feature.

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru. The AWS S3 buckets containing approximately 3TB of data dating back to 2018 consisted of airport employee records, ID card photos, and personally identifiable information (PII), including names, photos, occupations, and national ID numbers.

The new hot name in ransomware attacks is Lapsus$. If you haven’t heard of them before, you’ve probably heard of some of the companies they attacked, including Nvidia, Samsung, Okta, and Microsoft – just to name a few. For the uninformed, Lapsus$ is a hacking group that focuses on data theft and extortion.

According to reporting from Bleeping Computer, threat actors are ramping up their efforts against Microsoft Teams for malware distribution by planting malicious documents in chat threads, ultimately resulting in victims executing Trojans that hijack their corporate systems.