Creative Phishing in the Cloud: Threat Actors Leverage Adobe Services
Financially themed Adobe documents evade traditional secure email gateways (SEGs).
What is the attack?
Phishing Delivery: Attackers distribute financially themed documents via the legitimate Adobe Creative Cloud service, each embedding a clickable link that directs victims to a phishing website imitating the Office 365 login page.
Human Verification: The phishing website employs Cloudflare Captcha to ensure that only real users can access the site, providing an added layer of legitimacy for the attack.
Why did it get through?
Legitimate Hosting: The document was hosted on a legitimate Adobe Creative Cloud site, lending it an air of legitimacy.
URL Crawling/Analysis Protection: The added Captcha functionality limits automated link crawling and URL analysis features, increasing the difficulty for automated detection.
What is required to solve for this attack?
Behavioral Analysis: Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.
Defense-in-depth: Behavioral analysis pairs well with the Threat Intelligence layer of the cloud email platform (M365), providing defense in depth.
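
The signals described above (a never-before-seen sender, a financial theme, a link to a document on legitimate hosting, and a crawler stopped by a Captcha) can be combined into a simple triage score. This is an added example, not Abnormal's or Microsoft's detection logic; the message fields, the `crawl_result` values, the keyword list, weights, threshold and sample data are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Assumptions, not from the original page: hosting suffix list, lure keywords,
# weights, threshold and the crawl_result field are illustrative placeholders.
TRUSTED_SHARE_SUFFIXES = ("adobe.com",)
FINANCE_LURES = ("invoice", "remittance", "payment", "statement", "payroll")


def host_matches(url, suffixes):
    """True if the URL's host equals, or is a subdomain of, a listed suffix."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def score_message(msg, known_senders):
    """Return (score, reasons) for one parsed message dict."""
    hits = []
    if msg["sender"].lower() not in known_senders:
        hits.append(("never-before-seen sender", 2))
    text = (msg["subject"] + " " + msg["body"]).lower()
    if any(word in text for word in FINANCE_LURES):
        hits.append(("financial theme", 1))
    for link in msg["links"]:
        if host_matches(link["url"], TRUSTED_SHARE_SUFFIXES):
            hits.append(("document on legitimate hosting", 1))
        # A crawler stopped by a CAPTCHA never saw the landing page, so the
        # result is inconclusive and must not be recorded as clean.
        if link.get("crawl_result") == "challenge":
            hits.append(("crawler blocked by human-verification page", 2))
    return sum(w for _, w in hits), [name for name, _ in hits]


def verdict(msg, known_senders, threshold=4):
    score, reasons = score_message(msg, known_senders)
    return ("quarantine" if score >= threshold else "deliver"), reasons


# Constructed sample data (not real indicators).
KNOWN = {"ap@supplier.example"}
LINK = "https://www.adobe.com/constructed-shared-document"

def sample(sender, crawl_result):
    return {"sender": sender, "subject": "Remittance advice",
            "body": "Please review the shared document.",
            "links": [{"url": LINK, "crawl_result": crawl_result}]}

if __name__ == "__main__":
    for s, c in [("new@vendor.example", "challenge"), ("ap@supplier.example", "clean")]:
        print(s, c, verdict(sample(s, c), KNOWN))
```

Even for a known sender, the challenge result alone lifts the score to the threshold, which is the point: a blocked crawl is a signal in its own right rather than an absence of findings.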