Hidden in Plain Sight – QR Code Phishing via Embedded MHT
Evading SEGs by embedding MHT files inside documents.

What is the attack?
Phishing Delivery: Attackers send spoofed phishing emails with a theme regarding Payroll/Salary increases, using minimal context and a malicious attachment.
Malicious DOCX: Contains an embedded MHT (web archive) file with encoded images which include a QR code.
Hidden QR Code: The MHT file includes a QR code that, when scanned, leads to a phishing website.
Why did it get through?
Embedded MHT: The malicious MHT file was hidden inside a DOCX, bypassing basic security scans that typically flag direct MHT or executable attachments.
Encoded QR Codes: MHT files encode images, preventing basic static analysis of their content and keeping the QR code hidden until the document is opened.
QR Codes: Traditional email security scans rely on detecting URLs in email bodies, but the phishing link is embedded inside a QR code, avoiding detection.
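The embedding and encoding described above can be unwrapped statically before any URL check runs. The following Python is an added example, not code from the original page or from Abnormal: it opens a DOCX as a ZIP, finds MIME/MHT members, and decodes their image parts so they can be passed to a QR decoder. The function names, the member name `word/afchunk.mht` and the sample document are assumptions constructed for illustration.

```python
import base64
import email
import io
import zipfile
from email import policy

MHT_EXTS = (".mht", ".mhtml")

def find_embedded_images(docx_bytes):
    """Return (zip member, content type, decoded bytes) for each image held
    in a MIME/MHT part inside the DOCX (ZIP) container."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            # Match on extension or on a leading MIME header, because the
            # embedded part can be stored under any name.
            looks_mime = data[:2048].lstrip().lower().startswith(b"mime-version:")
            if not (name.lower().endswith(MHT_EXTS) or looks_mime):
                continue
            msg = email.message_from_bytes(data, policy=policy.default)
            for part in msg.walk():
                if part.get_content_maintype() == "image":
                    # decode=True reverses the base64 transfer encoding.
                    found.append((name, part.get_content_type(),
                                  part.get_payload(decode=True)))
    return found

def build_sample_docx():
    """Constructed sample: a ZIP with one MHT member holding a base64 image.
    The member name and the placeholder image bytes are made up."""
    fake_png = b"\x89PNG\r\n\x1a\n" + b"constructed-placeholder"
    mht = (
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/html\r\n\r\n<html><img src='cid:q'></html>\r\n"
        b"--b1\r\nContent-Type: image/png\r\nContent-Transfer-Encoding: base64\r\n"
        b"Content-ID: <q>\r\n\r\n" + base64.b64encode(fake_png) + b"\r\n--b1--\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/afchunk.mht", mht)
    return buf.getvalue()

if __name__ == "__main__":
    for member, ctype, blob in find_embedded_images(build_sample_docx()):
        # Each blob would next go to an image/QR decoder (not included here).
        print(member, ctype, len(blob), "bytes")
```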
What is required to solve for this attack?
Behavioral Analysis: Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.
Content Analysis and Natural Language Processing: Abnormal understands the email's content, recognizing the urgency and financial implications as indicators of a financially themed attack.