Phishing by Design: Threat Actors Exploit Figma for Social Engineering
Leveraging design collaboration platforms to bypass traditional secure email gateways (SEGs).
What is the attack?
Phishing Delivery: Attackers compromised a vendor account to distribute financially themed proposal documents hosted in Figma, a design software service. Each document embeds a clickable link that directs victims to a phishing website imitating the Office 365 login page.
Human Verification: The phishing website employs Cloudflare Captcha to ensure that only real users can access the site, providing an added layer of legitimacy for the attack.
Why did it get through?
Trusted Cloud Platform: By hosting the malicious link within a Figma diagram, attackers exploited the platform's reputation as a legitimate tool used widely by design and business teams.
URL Crawling/Analysis Protection: The added Captcha functionality limits automated link crawling and URL analysis features, increasing the difficulty for automated detection.
What is required to solve for this attack?
Behavioral Analysis: Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.
Defense-in-depth: Behavioral analysis pairs well with the Threat Intelligence layer of the cloud email platform (M365) to provide defense in depth.
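The behavioral signals described above can be approximated with per-sender link history. The sketch below is an added example, not Abnormal's detection logic: the `history` store, the keyword list, and the sample message are constructed assumptions, and only `figma.com` comes from this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

HOSTING_PLATFORMS = {"figma.com"}  # from the page; extend per environment
FINANCE_TERMS = ("proposal", "invoice", "payment", "remittance")  # assumed list
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def registrable(host):
    """Crude last-two-labels reduction; use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score_message(raw, history):
    """Return anomaly reasons for one RFC 5322 message.

    history maps a sender address to the link domains it has used before
    (hypothetical store, e.g. built from 90 days of delivered mail).
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = ""
    for part in msg.walk():  # collect every text part, skipping containers
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    domains = {registrable(urlsplit(u).hostname or "") for u in URL_RE.findall(text)}
    hosted = sorted(domains & HOSTING_PLATFORMS)
    seen = history.get(sender)
    reasons = []
    if seen is None:
        reasons.append("never-before-seen sender")
    for d in hosted:
        # A known vendor that suddenly links to a hosting platform is the
        # compromised-account case: reputation checks pass, behavior changed.
        if seen is None or d not in seen:
            reasons.append(f"first link to hosting platform {d} from this sender")
    subject = (msg.get("Subject") or "").lower()
    if hosted and any(t in subject for t in FINANCE_TERMS):
        reasons.append("financial theme with externally hosted document")
    return reasons

# Constructed sample message (not taken from a real campaign).
SAMPLE = """From: Billing <ap@vendor.example>
To: finance@corp.example
Subject: Q3 pricing proposal
Content-Type: text/plain; charset=utf-8

Please review the proposal: https://www.figma.com/file/EXAMPLE/proposal
"""
```

Because the score depends only on sender history and message content, it does not require crawling the link, which the Captcha would block.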