If you've been keeping an eye on the ever-churning tech rumour mill, you might have come across the unsettling news of a surge in malware downloads linked to a cunning DarkGate malware campaign. This devious scheme tricks victims into unwittingly downloading and opening a malicious LNK file, thereby setting off a chain of infection that culminates in the deployment of the dreaded DarkGate payload.
But this isn't just another rumour – unfortunately, it's a harsh reality that has ensnared numerous individuals and organizations. In recent months, malware downloads in SharePoint have doubled.
Attackers employ a covert strategy by harnessing the widespread popularity of cloud applications to distribute malicious content. Leveraging cloud apps for malware delivery not only enables attackers to elude security controls reliant on domain block lists and URL filtering but also evades inspection of cloud-based traffic.
To maximize their success in targeting enterprise users, attackers tend to exploit cloud apps already deeply integrated into corporate environments. Microsoft OneDrive, a leading enterprise cloud app, has consistently occupied the top spot for hosting the highest number of cloud malware downloads for over six months.
In September, malware downloads from SharePoint surged significantly due to the DarkGate malware campaign, propelling SharePoint to the second position for hosting the highest number of cloud malware downloads.
So, what does this all mean for us?
We recently had a chat with Kyle, our in-house security analyst and resident ethical hacker, to delve into the nitty-gritty of this threat. In this discussion, we aim to shed light on why this happened, how you can shield yourself from it, and chart a path forward.
What is the cause?
It's just an unusual way of delivering ransomware. These hackers are always trying to find new and exciting ways of getting their horrible, dangerous software in people’s environments. Ever since the rise of work from home, a lot more companies are jumping onto SharePoint as a collaboration platform because of everybody working from home. It's bred the perfect environment for hackers to take advantage. They are taking advantage of the fact that there are a lot of new SharePoint users who aren't as experienced and haven't set up heavy security measures.
So, the issue here is not SharePoint itself, but rather the knowledge on how to keep your platform safe.
What would you say to people who are doubting the safety SharePoint as a collaboration tool?
SharePoint is a phenomenal tool and when you set it up correctly, it can be incredibly secure. It's just about knowing how to set it up correctly. Just make sure you do the correct research going into it or get the advice of people who have a great deal of experience with SharePoint, like us (GTconsult).
How can A Team Protection by GTconsult assist clients in keeping their platform secure?
Microsoft has given us many ways of improving the security for Office 365 and SharePoint, but it very daunting, there are hundreds and thousands of different configurations, policies and alerts that can set up. For an inexperienced staff member to try and find all the right things and all the best practices and put them in place, it's hard.
A lot of companies just don’t have the resources or the skills to get it done.
This is where A Team Protection comes in. We do an overview of your current secure score, go through the list of recommendations that Microsoft gives and work together with you to find the easiest way of implementing changes without causing a problem with user experience.
When is the best time to do this?
The best time is always now! The sooner, the better. The longer you leave it, the longer you're at risk. Bigger companies are at bigger risk compared to smaller ones. The risk still exists but it’s less than for a company with say, 500 employees.
The attack surface area is far greater and their value as a bigger company makes them a more exciting target for rogue individuals who are looking to make some money.
So, the best time is as soon as possible.
What are the next steps for those who have already fallen victim to the malware?
Organizations who have been victims of this already are on the radar and have been ear marked as a company with weaker security and maybe they've been labelled as an easy target.
If it happens once, there's a higher likelihood that you will become a victim of this type of thing again- unless your security is improved.
Do you have any other comments on SharePoint Security?
Don't always rely on one layer of security because no security solution is ever 100% effective. In the case that someone manages to find a way around to first layer of security, it's great to have a reputable antivirus or endpoint security solution on your work computers to make sure that even if a dodgy malware does come through, it gets caught on the operating system level and is cleaned up.
And there you have it – a comprehensive response from our expert analyst on the ongoing threat landscape. It's clear that you shouldn't take any chances; don't become the next victim. Instead, reach out to an organization that possesses extensive knowledge in securing platforms like SharePoint. Reach out to GTconsult. With our expertise, we'll proactively assess your security measures before cybercriminals have a chance. Let us fortify your defences before they get the chance to strike. Your data's safety is paramount, and we're here to ensure it.
Let us hack you before you get hacked!
Insights provided by: Kyle Farr
Kyle is an experienced Guru with a demonstrated history of working in the information technology and services industry. He is skilled in Untangle, BMC Remedy, Remote Desktop, Management, all versions of Windows, and Kali Linux. He is currently focused on penetration testing. He is a strong engineering professional with a BSc focused in Computer Science from University of South Africa