A new report has revealed that threat actors are increasingly using Microsoft Visio files and scalable vector graphics (SVG) attachments in phishing attacks. Two-step phishing attacks, which leverage trusted platforms to deliver malicious content in layers and so evade detection, have become a cornerstone of modern cybercrime.
According to Perception Point researchers, threat actors are now using .vsdx format files to evade detection during credential-stealing attacks. Visio is commonly used in the workplace to visualize complex data or workflows, making it an ideal target for phishing attacks. The attackers use “harmless familiarity” as part of their strategy, delivering malicious URLs as part of a two-step phishing attack scenario.
The attacks start with an email containing a business proposal or purchase order, accompanied by an urgent request to view and respond to the attached .vsdx file. When the victim clicks on the URL, they are redirected to a compromised Microsoft SharePoint page hosting the Visio file. Another URL is embedded in the file, leading to another clickable call-to-action, such as a “view document” button.
To access the embedded URL, victims are instructed to hold down the Ctrl key and click. Requiring this manual interaction evades email security scanners and automated detection tools. The attackers then redirect the victim to a fake page that looks like a Microsoft 365 portal login page, designed to steal user credentials.
Another tactic being used by threat actors involves sending scalable vector graphics as attachments in phishing attacks. This technique allows them to display malicious forms or deploy malware directly, evading detection by security software. Security researchers have found that SVG attachments can display HTML and execute JavaScript when loaded, which attackers use to create credential-stealing forms.
To mitigate these risks, it is essential to have robust two-factor authentication in place for targeted accounts and to treat all emails with SVG attachments as suspicious. Organizations should also educate their employees on the tactics being used by threat actors and encourage them to be cautious when receiving such emails.
Source: https://www.forbes.com/sites/daveywinder/2024/11/18/security-warning-as-new-2sp-cyber-attacks-emerge-why-2fa-is-your-friend