A recent analysis by the cybersecurity research team at ANYRUN has uncovered several emerging threats targeting prominent platforms, including Microsoft services and the manufacturing industry. They show how quickly the threat landscape is changing and why organizations need to stay vigilant.
One such threat is the exploitation of Microsoft Azure Blob Storage in phishing campaigns. Attackers are using HTML smuggling to steal user credentials, making it difficult for security professionals to detect these attacks. ANYRUN’s Interactive Sandbox has detailed analysis sessions available for this attack, which can be accessed through Threat Intelligence Lookup.
Another target of HTML blob smuggling is Microsoft OneDrive, where attackers lure victims with fake login pages and send the entered credentials to a Command and Control (C2) server. Base.js, a malicious script responsible for executing the attack, was extracted and decoded using ANYRUN’s MITM feature.
Phishing links embedded in Microsoft Dynamics 365 forms have also become a threat, tricking users into sharing sensitive information. ANYRUN’s Threat Intelligence tools can help uncover such attacks, allowing organizations to search for and analyze malicious forms in their sandbox environment.
The LogoKit phishing toolkit has evolved, exploiting services offering dynamic logos and screenshots. Its streamlined approach includes fetching company logos from logo.clearbit.com based on user-entered email domains and hosting malicious scripts, styles, and images on platforms like Cloudflare Pages.
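The LogoKit behaviour described above leaves a detectable trace in web proxy or browser telemetry: a logo fetch from logo.clearbit.com whose referring page sits on a free hosting platform. The following is an added detection sketch, not code from ANYRUN or the article; the record fields (`client`, `url`, `referer`), the sample hosts, and the use of `.pages.dev` as the Cloudflare Pages domain suffix are assumptions.

```python
from urllib.parse import urlsplit

LOGO_HOST = "logo.clearbit.com"      # logo service named in the article
HOSTING_SUFFIXES = (".pages.dev",)   # assumed Cloudflare Pages suffix; extend as needed

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it is empty or unparsable."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def logo_domain(url):
    """Domain whose logo is requested: .../example.com?size=80 -> example.com."""
    if host_of(url) != LOGO_HOST:
        return None
    first = urlsplit(url).path.strip("/").split("/")[0].lower()
    return first if "." in first else None

def find_logo_fetches(records, own_domains):
    """Flag logo fetches whose referring page sits on a free hosting platform."""
    own = {d.lower() for d in own_domains}
    findings = []
    for rec in records:
        brand = logo_domain(rec["url"])
        ref_host = host_of(rec.get("referer", ""))
        if not brand or not ref_host.endswith(HOSTING_SUFFIXES):
            continue  # not a logo fetch, or referrer missing / not on a watched platform
        findings.append({
            "client": rec["client"],
            "page_host": ref_host,
            "brand": brand,
            # Our own brand rendered on a third-party hosted page is the stronger signal.
            "severity": "high" if brand in own else "medium",
        })
    return findings

# Constructed sample records (hypothetical hosts and field names).
SAMPLE = [
    {"client": "10.0.0.5", "url": "https://logo.clearbit.com/example.com?size=80",
     "referer": "https://portal-login-7f3.pages.dev/index.html"},
    {"client": "10.0.0.9", "url": "https://logo.clearbit.com/example.org",
     "referer": "https://crm.example.net/contacts"},
    {"client": "10.0.0.7", "url": "https://logo.clearbit.com/example.org",
     "referer": "https://docs-site.pages.dev/"},
    {"client": "10.0.0.8", "url": "https://logo.clearbit.com/example.com", "referer": ""},
]

if __name__ == "__main__":
    for finding in find_logo_fetches(SAMPLE, own_domains={"example.com"}):
        print(finding)
```

The check needs URL-level visibility (TLS-inspecting proxy or endpoint browser telemetry), and it relies only on the referrer's host, which browsers still send under the default origin-only referrer policy.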
A combined attack leveraging Lumma Stealer and Amadey Bot was also uncovered in December, targeting the manufacturing industry. This sophisticated campaign focuses on stealing sensitive information and taking control of critical systems, posing a grave risk to the sector.
As cybersecurity professionals continue to face evolving threats, ANYRUN’s cutting-edge tools are empowering over 500,000 users worldwide with malware analysis and threat intelligence capabilities. Its Interactive Sandbox allows real-time malware interaction, while Threat Intelligence Lookup helps identify Indicators of Compromise (IOCs) and streamline incident response.
Source: https://cybersecuritynews.com/cyber-attacks-in-december-2024