
Phishing attackers have found security loopholes in Office 365

4 Sep., 2017

Cyber attackers have become even more sophisticated as they begin to target cloud providers with innovative phishing methods.

Cloud security researchers have revealed that cyber attackers have discovered two ways for phishing emails to evade Microsoft Office 365 security protections: one using “hexadecimal escape characters” to hide code and links, and the second by compromising SharePoint files.

Avanan, the cloud security company that uncovered the flaws, states that the first method involves emails with an HTML attachment that contains a small snippet of JavaScript obscured with hexadecimal escape characters.

An example provided describes a phishing email that is designed to look as if it was sent by PayPal and that includes a fraudulent login page requesting Personally Identifiable Information (PII). By entering their sensitive data, individuals unknowingly send it to the cyberattackers.

This is a common method of attack and why people must remain vigilant when clicking unknown emails or external links.

The issue, however, is that these “phoney” emails are deceptive and are built to evade detection: their malicious links are hidden, the fake login page is produced locally, and sandbox technologies generally overlook HTML files with a submit button.
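A mail filter can look for this combination in an HTML attachment before delivery. The following Python code is an added example, not code from Avanan or Microsoft: it decodes `\xNN` escapes inside script blocks and reports links that only become visible after decoding, together with the presence of a submit button. The function names, the sample attachment and the `x.example` URL are constructed for illustration, and only `\xNN` escapes are handled.

```python
import re

# Matches one JavaScript hexadecimal escape such as \x68
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
SCRIPT_BODY = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>\\]+", re.I)
SUBMIT = re.compile(r"<(?:input|button)\b[^>]*type\s*=\s*[\"']?submit", re.I)

# Constructed sample attachment; the escaped string decodes to https://x.example/c
SAMPLE = r"""<html><body>
<form method="post"><input name="email"><input type="submit" value="Log in"></form>
<script>
var u = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x78\x2e\x65\x78\x61\x6d\x70\x6c\x65\x2f\x63";
document.forms[0].action = u;
</script>
</body></html>"""


def decode_hex_escapes(text):
    """Replace each hex escape (backslash, x, two hex digits) with its character."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def inspect_html_attachment(html):
    """Return findings for one HTML attachment; 'suspicious' is a triage hint."""
    scripts = "\n".join(SCRIPT_BODY.findall(html))
    escapes = len(HEX_ESCAPE.findall(scripts))
    # Each escape occupies four characters of script source.
    ratio = escapes * 4 / len(scripts) if scripts else 0.0
    decoded = decode_hex_escapes(scripts)
    visible = set(URL.findall(html))
    # Links that exist only after decoding were hidden from a plain-text scan.
    hidden = sorted(set(URL.findall(decoded)) - visible)
    # The form may be static markup or written out by the decoded script.
    has_submit = bool(SUBMIT.search(html) or SUBMIT.search(decoded))
    return {
        "hex_escape_ratio": round(ratio, 2),
        "hidden_urls": hidden,
        "has_submit": has_submit,
        "suspicious": bool(hidden) and has_submit,
    }


if __name__ == "__main__":
    print(inspect_html_attachment(SAMPLE))
```

The hidden URLs returned here can be passed to the same reputation checks that are applied to links in the message body.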

In a separate post, security researchers observed that the attack that abuses SharePoint generally involves an email that leverages “a genuine invoice from a commonly used online site, with a publicly open link to Office 365 SharePoint,” which is a web-based, collaborative platform for Microsoft Office users. Clicking the link executes a JavaScript-based file that infects the endpoint. The phishing emails are able to avoid detection because Microsoft assumes SharePoint files are safe, since Microsoft developed the application.

Avanan states “Most people would assume that files on SharePoint and OneDrive would be scanned for malware, but the fact is that the scanning tools Microsoft uses for Office 365 are not used for files within SharePoint and OneDrive. Even if the malware is identified once, the same file in a different location in SharePoint will not be blocked.”

These claims have since been refuted by Microsoft, which states that its security solutions “regularly detect and flag these kinds of attacks” and that “Microsoft’s filters do not rely on the specific techniques described in the vendor post.”

This case shows two things very clearly. First, security measures such as anti-virus scanners alone are never enough to ensure effective protection against unauthorized access to files and data. Users cannot be prevented from clicking on malicious links or files. Second, businesses must and can help ensure their data and files are better protected in the cloud, even if the cloud providers themselves take the highest security measures.
