Using bulk transfer as phishing to deliver payloads
Attackers can also utilize bulk file transfer software, such as Smash, Hightail, Terashare, WeTransfer, SendSpace, and DropSend. Let’s take a simple scenario: assume we have targeted two people, a finance administrator and a CEO. Attackers can simply send files between these two victims by visiting one of the bulk transfer websites, such as sendspace.com, and uploading a malicious file, while setting the sender as Financeadmin@targetcompany.com and ceo@targetcompany.com as the receiver. Once the file is uploaded, both parties will receive the emails with the file link; in this case, ceo@targetcompany.com will receive an email stating that the file was sent successfully, and Financeadmin@cyberhia.com will receive something similar, as shown in Figure 5.39:
Figure 5.39: Sendspace bulk transfer emails
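A mail-gateway check for the pattern described above, added here as an example and not taken from the original text: it flags file transfer notifications in which both the uploader-supplied sender address and the recipient belong to the organisation, a combination that genuine internal mail has no reason to route through an external service. The domain lists, the assumption that the service carries the uploader-supplied address in `Reply-To`, the `notify@` address, and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions: replace with your own domains and the services seen in your mail flow.
ORG_DOMAINS = {"targetcompany.com"}
TRANSFER_DOMAINS = {"sendspace.com", "wetransfer.com", "hightail.com", "dropsend.com"}

def domain_of(addr):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_under(domain, parents):
    """True if domain equals, or is a subdomain of, any entry in parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)

def review(raw):
    """Return (claimed_sender, internal_recipients) for a suspicious message, else None."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    if not is_under(domain_of(from_addr), TRANSFER_DOMAINS):
        return None  # not a file transfer notification
    # Assumption: the uploader-supplied "sender" address is carried in Reply-To.
    claimed = parseaddr(msg.get("Reply-To", ""))[1]
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []))]
    internal = [r for r in rcpts if is_under(domain_of(r), ORG_DOMAINS)]
    if is_under(domain_of(claimed), ORG_DOMAINS) and internal:
        return claimed, internal
    return None

def make(frm, reply_to, to):
    """Build a constructed sample message (headers plus a one-line body)."""
    return "\n".join([f"From: {frm}", f"Reply-To: {reply_to}", f"To: {to}",
                      "Subject: You have received a file", "", "Download link inside."])

# Constructed samples: internal-to-internal via a service, external uploader, normal mail.
SAMPLES = [
    make("Sendspace <notify@sendspace.com>", "Financeadmin@targetcompany.com",
         "ceo@targetcompany.com"),
    make("Sendspace <notify@sendspace.com>", "partner@example.org",
         "ceo@targetcompany.com"),
    make("Financeadmin@targetcompany.com", "Financeadmin@targetcompany.com",
         "ceo@targetcompany.com"),
]

if __name__ == "__main__":
    for i, raw in enumerate(SAMPLES):
        print(i, review(raw) or "ok")
```

A hit is a reason to hold the message for review rather than proof of phishing, since some teams do use these services legitimately.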
Most of the time, these bulk transfers are not on the blocked list in a corporate environment (if one is blocked, attackers...