Archive for Avanan

New Email Phishing Attack: Hackers Hide Malware in Blank SVG Image via DocuSign HTML Attachment

Posted in Commentary with tags on January 19, 2023 by itnerd

Researchers at Avanan, A Check Point Company, have revealed their latest research analyzing how hackers hide malicious content inside “blank images,” creating automatic redirects that bypass anti-malware checks.

  • This technique adds a layer of sophistication to malicious HTML attachments with the <meta> tag, obfuscating the URL to evade link analysis and redirect to a compromised domain. 
  • This email campaign starts with what appears to be a document from DocuSign, requesting the user to review and sign the document. 
  • The document provides an HTM attachment containing an empty SVG image; clicking on the image within the document automatically redirects visitors to a malicious URL.

Jeremy Fuchs, Cybersecurity Researcher/Analyst at Avanan, had this comment:

“Hackers can target practically anyone with this technique. Like most attacks, the idea is to use it to get something from the end-user. Any user with access to credentials or money is a viable target. HTM attachments aren’t new, nor is using Base64 trickery. What is new and unique is using an empty image with active content inside–a javascript image–which redirects to a malicious URL. It’s essentially using a dangerous image, with active content inside that traditional services like VirusTotal don’t detect.”

You can read the full report here. The report also includes defence strategies that you will find useful.
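As an added illustration (not code from the Avanan report or from this post), here is a small Python check that a mail gateway or an analyst could run over an HTM attachment to flag the two traits described above: a meta refresh redirect and a base64-encoded SVG image that carries script. The sample attachment and the example.invalid URL are constructed for the demonstration and are not indicators from the report.

```python
import base64
import re

# Constructed sample HTM attachment (not from the Avanan report): a 1x1 "blank"
# SVG delivered as a base64 data: URI with a script redirect inside, plus a
# meta refresh that sends the browser to the same placeholder URL.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">'
    '<script>window.location="https://example.invalid/landing";</script></svg>'
)
SAMPLE_HTM = (
    "<html><head>"
    '<meta http-equiv="refresh" content="0;url=https://example.invalid/landing">'
    '</head><body><img src="data:image/svg+xml;base64,'
    + base64.b64encode(SAMPLE_SVG.encode()).decode()
    + '"></body></html>'
)

# Base64 SVG data: URIs, meta refresh tags, and active content inside an SVG.
DATA_URI_RE = re.compile(r"data:image/svg\+xml;base64,([A-Za-z0-9+/=]+)", re.I)
META_REFRESH_RE = re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I)
ACTIVE_RE = re.compile(r"<script|on\w+\s*=|window\.location|javascript:", re.I)


def inspect_htm(htm: str) -> dict:
    """Decode every embedded base64 SVG and report the ones containing active
    content, together with whether the page carries a meta refresh redirect."""
    findings = {"meta_refresh": bool(META_REFRESH_RE.search(htm)), "active_svgs": []}
    for match in DATA_URI_RE.finditer(htm):
        try:
            svg = base64.b64decode(match.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError: not valid base64
            continue
        if ACTIVE_RE.search(svg):
            findings["active_svgs"].append(svg[:80])  # keep a short excerpt for triage
    return findings


def is_suspicious(htm: str) -> bool:
    """True when the attachment shows either trait the report describes."""
    found = inspect_htm(htm)
    return found["meta_refresh"] or bool(found["active_svgs"])


if __name__ == "__main__":
    print(inspect_htm(SAMPLE_HTM))
```

Static image data is ignored; only SVG payloads that decode to markup with script, event handlers or a location change are reported, which keeps the check from firing on ordinary embedded pictures.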

Hackers Continue to Abuse Microsoft Customer Voice in Phishing Campaign – But With a Twist

Posted in Commentary with tags on January 12, 2023 by itnerd

A few months ago, researchers at Avanan, a Check Point Software Company, wrote about how hackers are utilizing Microsoft’s Dynamics 365 Customer Voice platform to send phishing links.

Avanan has released its latest blog on how hackers are changing their tactics with a new variation of this attack that continues to leverage Microsoft Customer Voice.

This email campaign starts with what appears to be a new document (a fax notification) sent from SharePoint, alerting the user that the document contains “particularly sensitive or confidential information” and will expire in 14 days. Following the prompts directs end-users to a OneDrive look-alike page where login credentials are entered and stolen.

You can read about the evolution of this attack here.

New Research: Hackers Leverage Facebook Copyright Infringement Notices to Steal Credentials

Posted in Commentary with tags on January 9, 2023 by itnerd

As the world rings in the New Year and faces evolving cyber attacks, threat actors remain committed to preying on the vulnerable. On that front, researchers at Avanan, a Check Point Software Company, have posted their latest analysis of an attack in which hackers leverage Facebook copyright infringement notifications to obtain personal credentials.

In this attack, users are presented with an email stating that their Facebook account has been suspended due to a violation of Facebook’s copyright infringement policy. To prevent account suspension, an appeal must be made within 24 hours by clicking on the provided link, which directs users to a credential-harvesting page.

You can read about this attack here so that you can keep an eye out for this attack should it hit your inbox.

Phishmas Extravaganza Report Highlights Increase In Scams As Holiday Season Approaches

Posted in Commentary with tags on December 15, 2022 by itnerd

It’s that most wonderful time of the year, Phishmas, when hackers get out their naughty and nice list and check it twice. Researchers at Avanan, A Check Point Company, have published their latest phishing report taking this theme to the next level.

They have a compilation of attacks observed during this holiday season that take advantage of shipping and package notifications from reputable brands such as UPS, DHL, USPS and FedEx, as well as impersonation attacks and paycheck fraud. 

You can read this report here.

Hackers Spoof Amazon Notification Emails To Steal Credentials In Phishing Campaign

Posted in Commentary with tags on December 1, 2022 by itnerd

Researchers at Avanan, a Check Point Software Company, have revealed their latest analysis of how hackers send fake Amazon account notices, targeting Japanese companies, in the hope of obtaining credentials.

In this attack, users are presented with an email, written in Japanese, notifying them that their Amazon Prime Auto-Renewal has been deactivated and that their membership information must be verified to prevent further account restriction. Clicking on the provided link leads users to a fake page that steals credentials and payment details.

You can read the analysis here.

Hackers Exploit Holiday Shopper Shipping Using Refund Button as Click Bait for Credential Harvesting

Posted in Commentary with tags on November 17, 2022 by itnerd

Avanan, A Check Point Company, has released a new report on how and why hackers send phishing campaigns centered around holiday shopping. 

The research analyzes hackers sending fake email order confirmation notices in the hope of getting the user to attempt a refund.

Instead of a refund, they are led to credential-harvesting pages. End-users are targeted in this phishing campaign through social engineering and impersonation techniques.

You can read the full report here.

New Hackers Target Gov Sectors In Nation Attack; Emails Contain Malicious Trojans Disguised as Voicemails

Posted in Commentary with tags on November 10, 2022 by itnerd

Avanan, a Check Point Software Company, discusses how hackers target the government sector in the Western Hemisphere. 

This country, on average, sees 34,000 phishing attacks a year, most of which are financial-based attacks targeting government departments such as the Bureau of Standards, Foreign Affairs, and the Attorney General Office.

In this attack, victims are presented with an email containing a .htm file that claims to be a voicemail transcription. The file, which the attackers hope end-users will click on, contains a trojan that, when opened, takes over the user’s computer.

The full report can be viewed here.

Hackers Spoof Scanner Notification Emails to Attach Malicious Trojans in Phishing Campaign: Avanan

Posted in Commentary with tags on October 27, 2022 by itnerd

Researchers at Avanan, a Check Point Company, discovered how hackers are using scanner notification emails to send malware to end-users. 

In this attack, end-users are sent a spoofed notification that they have received a scanned message. To spark interest, the subject line of the email was “Commission Receipt”, and the email carried what appeared to be a scanned document as a .htm file but was in fact a malicious trojan that, once clicked, takes over the end-user’s computer.

You can read more about this novel attack here.

Hackers Hijack College Student Accounts to Launch BEC-Style Attacks: Avanan

Posted in Commentary with tags on October 20, 2022 by itnerd

Researchers at Avanan, a Check Point Company, have discovered hackers are spoofing legitimate college student email accounts to send out larger BEC and credential harvesting campaigns. 

In this attack, hackers compromise legitimate student email accounts to send out emails warning users of blocked messages that can only be released by clicking on the provided link. The link redirects victims onto a credential harvesting page that not only gives hackers access to key company information, but gives them the ability to send out even more attacks from the target account.

You can read the full report here.

Hackers Use Legitimacy of Google Translate to Send Credential Harvesting Links in Phishing Campaign

Posted in Commentary with tags on October 13, 2022 by itnerd

Researchers at Avanan, a Check Point Company, have discovered hackers using the legitimacy of Google Translate to create credential harvesting pages.

In this attack, Avanan’s researchers illustrate how hackers are spoofing Google Translate and using several obfuscation tactics to reach the inbox and get end-users to enter credentials.

The campaign presents users with a compelling email, targeting Spanish speakers, notifying them that they have pending emails that will remain restricted unless ownership of the account is confirmed within 48 hours. Clicking on the provided link redirects victims to a fake login page, where any credentials they enter are stolen.

You can read the full report here.