Phishing Emails are happening right now! (pt.11)

I am going to bring my “Back-to-Basics Phishing Emails – A Primer” series to a close today – although if other primer projects are any measure we will return with further updates in the future.

Phishing emails are a problem every organisation has to face.

Phishing Emails – A Clear and Present Danger

Just last week the cyber security press was reporting yet another slant on phishing emails, one that takes a useful Windows feature and exploits it to carry out the threat actors’ attack (Toulas, 2024).

These phishing emails include an .html attachment which appears, at first glance, to be an invoice in a .zip file. This obfuscation is employed as it helps evade anti-virus and email scanners, as some do not parse compressed/archived files for malicious content. (Q. does this apply to the AV/Email scanning you use?)

If the .zip and the .html are opened, the .html file forces Windows Search to access a remote server and download malicious files, then it displays a shortcut to an “invoice” for the user to click on. If the user clicks on this link, a file on the remote server will run and the attack continues.

Phew

Trustwave SpiderLabs researchers could not identify the end game for this set of phishing emails, as the rogue server went down before they could complete their investigations – but based on the amount of work done to get the attackers this far it could not have been good.
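To make the scanner question above concrete, here is an added example (not from the original article or from Trustwave) of a mail-gateway style check that looks inside a .zip attachment and flags any .html member that points at Windows Search. It assumes the Windows Search protocol is invoked through the `search-ms:` and `search:` URI schemes; the function names and the sample attachment are constructed for illustration.

```python
import html
import io
import re
import zipfile

# Assumption: "search-ms:" and "search:" are the Windows Search URI schemes;
# the article names the feature but not the scheme strings.
SEARCH_URI = re.compile(
    r"""(?:url|href|src)\s*=\s*["']?\s*(search(?:-ms)?:[^"'\s>]*)""", re.I)
HTML_EXT = (".html", ".htm")
MAX_BYTES = 5 * 1024 * 1024  # cap per-member reads (decompression bombs)

def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, finding) pairs for HTML files inside a zip."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(HTML_EXT):
                continue
            if info.flag_bits & 0x1:  # encrypted: contents cannot be checked
                findings.append((info.filename, "encrypted member"))
                continue
            with archive.open(info) as member:
                raw = member.read(MAX_BYTES)
            # Decode entities so an entity-encoded scheme name is still seen.
            text = html.unescape(raw.decode("utf-8", errors="replace"))
            findings += [(info.filename, m.group(1))
                         for m in SEARCH_URI.finditer(text)]
    return findings

def build_zip(members: dict[str, str]) -> bytes:
    # Helper for the constructed sample: in-memory zip from {name: text}.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()

# Constructed sample, not a captured attachment; the query is a placeholder.
SAMPLE = build_zip({
    "INVOICE.html": '<meta http-equiv="refresh" '
                    'content="0; url=search-ms:query=placeholder">',
    "notes.html": '<a href="https://example.com/search?q=1">ok</a>',
})
```

Calling `scan_zip_attachment(SAMPLE)` flags only `INVOICE.html`; an attachment that cannot be opened or is encrypted is reported rather than silently passed, which is the gap the article warns about.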

Your takeaway after eleven articles about phishing emails

Some of the steps in the described attack are automatic. However, if the user is aware of the types of modern cyber security threat every organisation faces daily, they can consciously recognise that they are being attacked and stop.

Does your team have that type of Cyber Security Awareness Training? Because as quickly as the vendors fix their AV/scanning software to protect you from this attack, the threat actors will come up with another variant – your technical defences will only take you so far! We can help you!

Next…

I am having a break next week.

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Toulas, B. (2024). Phishing emails abuse Windows search protocol to push malicious scripts. BleepingComputer. https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/

Further Reading

Cyber Security Awareness Training | Smart Thinking Solutions

SOC-Backed AV | Octagon Technology

Back-to-Basics Phishing Email Primer

Phishing Primer – Social Engineering (pt. 1)

Phishing Primer – Social Engineering (pt. 2)

The Phishing Email and AI (pt. 3)

Phishing Primer – Phishing Types (pt. 4)

Email phishing needs bait… (pt 5)

Phishing Attacks – It is in the numbers. (pt 6)

Nothing is true, everything is a scam (pt.7)

Phishing Email – It is about time we looked at some… (pt.8)

Email Phishing – Back to bait… (pt. 9)

Sender Policy Framework – Phishing Email Primer (pt.10)

Featured photo by Quang Nguyen Vinh

In text photo by Miguel Á. Padriñán