icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

Summary:
Threat actors are exploiting various digital document publishing platforms to conduct phishing, credential theft, and session token hijacking. Cisco Talos researchers highlighted this trend, noting that using DDP sites increases phishing success rates due to their positive reputation, absence from web filters, and familiarity to users.

Unlike previous methods using cloud service, attackers now turn to DDP servers for hosting phishing documents, aiming to bypass email security measures. These platforms allow PDF files to be shared as interactive flipbooks, offering animations and other effects. Adversaries exploit DDP’s free tiers or trial periods to create multiple accounts and share malicious content. Additionally, DDP sites automatically remove content after a set period, making it harder to trace. Productivity features like Publuu’s integration hinder link extraction and detection in phishing emails.

Analyst Comments:
In their attacks, threat actors embed links to DDP-hosted documents in emails, leading victims to fake Microsoft 365 login pages to steal credentials. Researchers warn that DDP sites pose a challenge to defenders as they are less known and evade email and web content filters, providing an advantage to attackers in phishing campaigns.

Suggested Corrections:
Researchers at Cisco Talos have published recommendations to defend against phishing attacks that leverage DDP sites:

  • Block common DDP sites via border security devices, endpoint detection and response (EDR) like Cisco Secure Endpoint, web content filtering, and/or DNS security controls if access to these sites is not required for normal business operations. If blocking these sites will disrupt normal operations, develop a procedure to ensure malicious domains identified in DDP-hosted phishing lures can be quickly blocked.
  • Configure email security controls to detect and alert on links in emails containing common DDP site URLs.
  • Leverage threat intelligence to quickly identify newly created sites related to known threats – in this case, new DDP sites that may be leveraged by threat actors.
  • Monitor for behavioral trends within the organization’s internal environment that could indicate coordinated malicious activity, including activity to blocked sites.
  • Update user security awareness training to include information about DDP sites and other cloud-hosted phishing attack methods. Reinforce a “see something, say something” mentality when users are uncertain about a site’s legitimacy.

End users can also support defenders by remaining vigilant for documents shared over unusual or uncommon sites, even if those sites are legitimate and have a favorable reputation, and by following their organization’s guidelines for reporting suspicious emails.

Link(s):
https://thehackernews.com/2024/03/hackers-exploiting-popular-document.html

https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/

Contact Us for Threat Assistance
Back to Current Threats