Cybercriminals Use GetShared to Sneak Malware Through Enterprise Shields
Cybercriminals are increasingly leveraging legitimate file-sharing platforms like GetShared to bypass enterprise email security systems.
A recent case involving a former colleague, previously employed at Kaspersky, highlights this emerging threat.
The individual received an authentic-looking email notification from GetShared, a genuine service for transferring large files, claiming that a file named “DESIGN LOGO.rar” had been shared with them.
Suspicious of the unsolicited message, they refrained from clicking the link and forwarded it for analysis.
Upon closer inspection, the email was confirmed to be a sophisticated phishing attempt, part of a broader wave of attacks exploiting GetShared’s credibility to deliver malicious content.
Exploiting Legitimate Services for Malicious Intent
Cybercriminals favor services like GetShared because they often evade traditional email security filters.
Most enterprise-grade solutions are designed to block spam, phishing attempts, and malicious attachments at the gateway level.
However, notifications from trusted platforms such as Google Calendar, Dropbox, or GetShared are less likely to be flagged, as they originate from legitimate domains.
Scammers exploit this trust by embedding malicious links or files within these notifications, bypassing initial defenses.
While major platforms continuously update their security protocols and tighten user verification processes to prevent misuse, lesser-known services like GetShared remain vulnerable, becoming attractive tools for attackers seeking fresh avenues to infiltrate systems.
Dissecting the Phishing Tactics and Red Flags
The phishing email in question employed classic social engineering tactics to lure the recipient into engaging with the content.

Accompanying the file link was a message inquiring about pricing for items supposedly detailed in the attachment, complete with questions about delivery timelines and payment methods to create a facade of legitimacy.
However, several red flags pointed to its fraudulent nature. The filename “DESIGN LOGO.rar” starkly contrasted with the message’s implication of a product list, raising immediate suspicion.
Additionally, the sender’s email domain, visible in the notification, was linked to known scam activities upon a quick online search, further confirming the malicious intent.
Beyond this specific case, the use of third-party services for business communication should itself trigger caution.
According to the Kaspersky report, legitimate business inquiries typically follow standard email correspondence before resorting to external file-sharing platforms.
Unsolicited notifications from unfamiliar services often indicate ulterior motives, whether the attachment is flagged as spam by security engines, contains links to phishing sites, or harbors malware disguised as a benign document.
In this instance, the shared file was a text document with an absurd request to initiate contact, likely a precursor to further social engineering attempts aimed at extracting sensitive information or deploying malware.
As GetShared gains traction among cybercriminals, organizations must bolster their defenses by educating employees to scrutinize unsolicited file-sharing notifications and verify sender identities.
Implementing advanced threat detection systems that analyze the content and context of emails, even from trusted services, is also critical.
This incident serves as a stark reminder that even legitimate platforms can become unwitting vectors for cyber threats, underscoring the need for vigilance in an ever-evolving digital threat landscape.
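The red flags described above (an unsolicited share from someone with no prior correspondence, a sender domain with a bad reputation, a filename that does not match the accompanying message) can be checked on notifications that pass the gateway because they come from a file-sharing service. The following is an added example, not code from the article or from Kaspersky; the notification layout, the domains `fileshare.example` and `scam-trader.example`, and the term lists are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own inventory and intel.
SHARE_SERVICE_DOMAINS = {"fileshare.example"}  # placeholder notification sender
SUSPECT_DOMAINS = {"scam-trader.example"}      # placeholder reputation list
LURE_TERMS = ("price", "pricing", "delivery", "payment", "quote")
ARCHIVE_EXT = (".rar", ".zip", ".7z", ".iso")
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
FILE_RE = re.compile(r'"([^"\n]+\.\w{2,4})"')

# Constructed sample; a real notification layout will differ.
SAMPLE = """From: File Share <noreply@fileshare.example>
To: employee@corp.example
Subject: A file was shared with you

buyer@scam-trader.example shared "DESIGN LOGO.rar" with you.
Message: Please send pricing for the listed items, delivery time and payment terms.
"""

def triage_share_notification(raw, known_contacts):
    """Return red flags for a file-share notification, or None if not one."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] not in SHARE_SERVICE_DOMAINS:
        return None  # ordinary mail: left to the normal gateway checks
    body = msg.get_payload()
    flags = []
    # The person who shared the file is named in the body, not in From:.
    m = ADDR_RE.search(body)
    if m:
        if m.group(0).lower() not in known_contacts:
            flags.append("no_prior_correspondence")
        if m.group(1).lower() in SUSPECT_DOMAINS:
            flags.append("sharer_domain_reputation")
    f = FILE_RE.search(body)
    if f:
        name = f.group(1).lower()
        if name.endswith(ARCHIVE_EXT):
            flags.append("archive_attachment")
        # Commercial lure in the message, but the filename says nothing of it.
        lures = [t for t in LURE_TERMS if t in body.lower()]
        if lures and not any(t in name for t in LURE_TERMS):
            flags.append("filename_message_mismatch")
    return flags

if __name__ == "__main__":
    print(triage_share_notification(SAMPLE, {"partner@supplier.example"}))
```
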